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FTO-159C{9-90) 



=>d l-ti,fd,ab 



=> s (java(a)stream?) or (java(a)secur?) or (java(a)channel) 

250 JAVA 
251924 STREAM? 

0 JAVA(A)STREAM? 
250 JAVA 

783472 SECUR? 

1 JAVA(A)SECUR? 
250 JAVA 

334753 CHANNEL 
0 JAVA(A)CHANNEL 
L10 1 (JAVA(A)STREAM?) OR (JAVA(A)SECUR?) OR (JAVA(A)CHANNEL) 

=>dllOti,ab,fd 



FILE USPAT ENTERED AT 14:35:07 ON 25 NOV 1998 

******************************** 

* WELCOME TO THE * 

* U.S. PATENT TEXT FILE * 
******************************** 



=> query java(a)stream? 

LI QUE JAVA(A)STREAM? 

=> query java(a)encrypt? 

L2 QUE JAVA(A)ENCRYPT? 

=>sll 

256 JAVA 
252345 STREAM? 
L3 0 JAVA(A)STREAM? 

=>sl2 

256 JAVA 
5585 ENCRYPT? 
L4 0 JAVA(A)ENCRYPT? 

=> s java(p)(stream?) 

256 JAVA 
252345 STREAM? 
L5 7 JAVA(P)(STREAM?) 



=> sjava(p)encrypt? 



41 



256 JAVA 
5585 ENCRYPT? 
L6 5 JAVA(P)ENCRYPT? 

=>d l-ti,fd,ab 

=> s java(p)(channel) 

256 JAVA 
335291 CHANNEL 
L7 2 JAVA(P)(CHANNEL) 



FILE 'USPAT* ENTERED AT 16:26:16 ON 30 NOV 1998 

******************************** 

* WELCOME TO THE * 

* U.S. PATENT TEXT FILE * 
******************************** 



=> query multi-cast? or multicast? or webcast? or broadcast? 

MULTI-CAST? 
(MULTI(W)CAST?) 

LI QUE MULTI-CAST? OR MULTICAST? OR WEBCAST? OR BROADCAST? 

=> query network or internet 

L2 QUE NETWORK OR INTERNET 

=> s 11 and 12 

231228 MULTI 
186693 CAST? 
183 MULTI-CAST? 

(MULTI(W)CAST?) 
882 MULTICAST? 
0 WEBCAST? 
27479 BROADCAST? 
144465 NETWORK 
2423 INTERNET 
L3 11553 LI AND L2 

=> s 13 and multi-cast or multicast 

231228 MULTI 
105596 CAST 
154 MULTI-CAST 

(MULTI(W)CAST) 
808 MULTICAST 
L4 882 L3 AND MULTI-CAST OR MULTICAST 

=> s 13 and( multi-cast or multicast) 

231228 MULTI 
105596 CAST 



154 MULTI-CAST 

(MULTI(W)CAST) 
808 MULTICAST 
L5 855 L3 AND( MULTI-CAST OR MULTICAST) 

=> s 15 and (stream?) 

252345 STREAM? 
L6 397 L5 AND (STREAM?) 

=> s 16 and (protocol or layer) 

40449 PROTOCOL 
533380 LAYER 
L7 34 1 L6 AND (PROTOCOL OR LAYER) 

=> d 1-20 ti,fd,ab 

FILE 'USPAP ENTERED AT 17:01:29 ON 30 NOV 1998 

******************************** 

* WELCOME TO THE * 

* U.S. PATENT TEXT FILE * 
******************************** 

=> s (multi-stream or multiple(a)stream)(p)(network or internet) 

231228 MULTI 
223427 STREAM 
111 MULTI-STREAM 
(MULTI(W)STREAM) 
380834 MULTIPLE 
223427 STREAM 
144465 NETWORK 
2423 INTERNET 

LI 19 (MULTI-STREAM OR MULTIPLE(A)STREAM)(P)(NETWORK OR INTERNET) 



=>dl-ti,fd,ab 
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(INDEPENDENT? OR SEPARATE?) (N2) (LAYER? OR PROTOCOL?) 
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(SECURE () CHANNEL? OR JAVA (N2 ) STREAM? OR JAVA () SECURE () CHAN 




NEL?) 


o *± 


29331 


(FIRST AND SECOND) (N2) (NODE? OR PROCESS?) 




24577 


COMMUNICATION? (N) PROTOCOL? 


S6 


19 


((COMMUNICATION?) (N2) (CHANNEL? OR PROTOCOL?)) (N50) (S2(N3)I 




NDEPENDENT?) 


S7 


3 
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S15 


7 


S3 AND S4 


S16 
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S17 
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S19 
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S17(S)S3 
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S17 AND S3 
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19 
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7/3, K/l (Item 1 from file: 674) 

DIALOG (R) File 674 : Computer News Fulltext 

(c) 1998 IDG Communications. All rts . reserv. 



065574 

Remtoe access 1999 

Prognosticators point to the remote access technologies that will best 
meet your needs. 

Byline: Arielle Emmett 

Journal: Network World Page Number: 41 

Publication Date: April 06, 1998 

Word Count: 2554 Line Count: 234 

Text: 

...for security (see story, page 43), carriers can offer QoS-type services 
and carve out secure channels to boost performance, she says. 

"We see ISPs charging higher fees per port when they ... encryption and 
authentication mechanisms, meaning the ISP and its customers have to 
address those issues separately . 

Another protocol , IP Security (IPSec) , is intended to overcome that 
limitation by offering X.509 digital certificate... 



7/3, K/ 2 (Item 1 from file: 636) 

DIALOG (R) File 636:IAC Newsletter DB(TM) 

(c) 1998 Information Access Co. All rts. reserv. 



02932688 

NETSCAPE: Netscape announces Secure Courier — A digital envelope for 
securing Internet transactions 

M2 Presswire Oct 11, 1995 

WORD COUNT: 941 

PUBLISHER: M2 Communications 



. . . PC to the financial institution. In addition, Secure Courier enables 
consumer authentication for merchants. While secure channel protocols 
such as SSL encrypt data passing along the network between a client system 
and. . . 



. . . people already have SSL-enabled products, which have been available 
since December 1994. SSLis application protocol - independent and 
provides encryption, which creates a secured channel to prevent others from 
tapping into the. . . 



7/3,K/3 (Item 1 from file: 148) 

DIALOG (R) File 148:IAC Trade & Industry Database 
(c) 1998 Info Access Co. All rts. reserv. 

07995389 SUPPLIER NUMBER: 17277850 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

NETSCAPE ANNOUNCES SECURE COURIER - A DIGITAL ENVELOPE FOR SECURING 
FINANCIAL TRANSACTIONS ON THE INTERNET 

PR Newswire, p718LA031 
July 18, 1995 

LANGUAGE: English RECORD TYPE: Fulltext 

WORD COUNT: 7 93 LINE COUNT: 00087 

... PC to the financial institution. In addition, Secure Courier 

enables consumer authentication for merchants. While secure channel 
protocols such as SSL encrypt data passing along the network between a 
client system and. . . 

...already have SSL-enabled products, which have been available since 
December 1994. SSL is application protocol - independent and provides 
encryption, which creates a secured channel to prevent others from tapping 
into the. . . 



12/3, K/l (Item 1 from file: 647) 

DIALOG (R) File 647: CMP Computer Fulltext 
(c) 1998 CMP. All rts. reserv. 

01075551 CMP ACCESSION NUMBER: EET19951215S0027 
Net looks for secure feeling 
Margaret Ryan 

ELECTRONIC ENGINEERING TIMES, 1995, n 880, PG54 
PUBLICATION DATE: 951215 

JOURNAL CODE: EET LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: Best 1995 Technologies: World Wide Web 
WORD COUNT: 1191 

The recipient then unscrambles the message with the secret key. 
Netscape is also working on separate security protocols that 
are application-specific- for instance, Secure Courier Transaction, co- 
developed with Mastercard. The protocol... 

...and Secure Hypertext Transfer Protocol (S-HTTP ), a security-enhanced 
version of HTTP, the internal communications protocol of the World 
Wide Web. With them, it can communicate with all types of secure. . . 



12/3 ,K/2 (Item 2 from file: 647) 

DIALOG (R) File 647: CMP Computer Fulltext 
(c) 1998 CMP. All rts. reserv. 

00516203 CMP ACCESSION NUMBER: NWC19920601S0354 
What Are the Standards for Interoperable LAN Security 

Dan Minoli 

NETWORK COMPUTING, 1992, n 306 , 148 
PUBLICATION DATE: 920601 

JOURNAL CODE: NWC LANGUAGE: English 

RECORD TYPE: Fulltext 
SECTION HEADING: Workshops 
WORD COUNT: 1576 

implementations to specify compliance to SILS Secure Data 
Exchange, SILS Key Management and SILS System/Security Management 
independently . The protocols must support a transparent implementation 
for devices that currently exist on the network. That is... 

...of the SILS model. The user stacks shown in the diagram are the 
existing network communication protocols before SILS is implemented. 
These stacks request security services from SDE. In turn, the SDE. . . 



12/3, K/3 (Item 1 from file: 275) 

DIALOG (R) File 275:IAC(SM) Computer Database (TM) 
(c) 1998 Info Access Co. All rts. reserv, 

01251285 SUPPLIER NUMBER: 06284720 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Modems tackle real work. 
Powell, Dave 

Telecommunication Products & Technology, v6, n2, p47(5) 
Feb, 1988 

ISSN: 074 6-6072 LANGUAGE: ENGLISH RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 2758 LINE COUNT: 00227 

... offers an EC (Encryption Card) option for $1250, which is based on 

the DES (Data Encryption STandard) algorithm approved by the National 
Bureua of Standards. Protocol -independent in point-to-point or 
multipoint networks, the option encrypts using a randomly generated 64... 
Another nagging problem for network managers is supporting a growing 
variety of vendor equipment and communications protocols . To some 



extent, Bell and CCITT standards have been a saving grace. But, 
unf ortuantely, high. . . 



12/3, K/4 (Item 2 from file: 275) 

DIALOG (R) File 275 : IAC (SM) Computer Database (TM) 
(c) 1998 Info Access Co. All rts . reserv. 

01242845 SUPPLIER NUMBER: 06536751 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

OS-2 LAN Manager provides a platform for server-based network applications. 

Kessler, Alan 

Microsoft Systems Journal, v3, n2, p29(10) 
March, 1988 

ISSN: 0889-9932 LANGUAGE: ENGLISH RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 5004 LINE COUNT: 00417 

garner a large market share. However, NetBIOS requires the 
application developer to understand a detailed communication protocol 
at very low levels in the system, therefore making NetBIOS applications 
difficult to develop. Also... 

...system software product called OS/2 LAN Server, which also is hosted by 
OS/2. 

Protocol -Independent 

Applications written to take advantage of the security , network 
management, or any other LAN Manager feature are portable to many different 
network environments... 



12/3, K/5 (Item 1 from file: 16) 

DIALOG (R) File 16: IAC PROMT (R) 

(c) 1998 Information Access Co. All rts. reserv. 
05893810 

Net looks for secure feeling 

Issues new encryption software after discovering flaw 
Electronic Engineering Times Dec 15, 1995 p. 54 
ISSN: 0192-1541 

*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 1193 

...The recipient then unscrambles the message with the secret key. 

Netscape is also working on separate security protocols that are 
application-specific- for instance, Secure Courier Transaction, co-developed 
with Mastercard. The protocol... 

...and Secure Hypertext Transfer Protocol (S-HTTP) , a security-enhanced 
version of HTTP, the internal communications protocol of the World Wide 
Web. With them, it can communicate 



12/3, K/6 (Item 2 from file: 16) 

DIALOG (R) File 16: IAC PROMT (R) 

(c) 1998 Information Access Co. All rts . reserv. 
03868111 

What Are the Standards for Interoperable LAN Security? 

Network Computing June, 1992 p. 14 8 

*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 1524 

...implementations to specify compliance to SILS Secure Data Exchange, 
SILS Key Management and SILS System/ Security Management independently . 
The protocols must support a transparent implementation for devices that 
currently exist on the network. That is... 

...of the SILS model. The user stacks shown in the diagram are the 
existing network communication protocols before SILS is implemented. 
These stacks request security services from SDE. In turn, the SDE. . . 



12/3, K/7 (Item 1 from file: 148) 

DIALOG (R) File 148:IAC Trade & Industry Database 
(c) 1998 Info Access Co. All rts. reserv. 

08379132 SUPPLIER NUMBER: 17990694 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Net looks for secure feeling. (Best 1995 Technologies: World Wide 
Web) (includes related article on Industry. Net Online Marketplace) 
(Technology Information) 

Ryan, Margaret 

Electronic Engineering Times, n880, p54(2) 
Dec 15, 1995 

ISSN: 0192-1541 LANGUAGE: English RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 1300 LINE COUNT: 00109 

The recipient then unscrambles the message with the secret key. 
Netscape is also working on separate security protocols that are 
application-specific- for instance, Secure Courier Transaction, co-developed 
with Mastercard. The protocol... 

...and Secure Hypertext Transfer Protocol (S-HTTP) , a security-enhanced 
version of HTTP, the internal communications protocol of the World Wide 
Web. With them, it can communicate with all types of secure... 

18/3, K/l (Item 1 from file: 621) 

DIALOG(R) File 621:IAC New Prod.Annou. (R) 

(c) 1998 Information Access Co. All rts. reserv. 

01002527 53162572 

RSA Provides Single Source for Java Security. 

PR Newswire 

DATELINE: PRNewswire, New SSL and Enhanced Crypto Components Give 
Developers Complete Package For Java Security Needs SAN MATEO, Calif., Nov. 
3 Nov 3, 1998 WORD COUNT: 1008 

...session-based encryption and authentication. SSL is a general-purpose 
protocol, and provides a secure communications channel between two 
points, server authentication, and, optionally, client authentication. As 
a result, it prevents eavesdropping. . . 

...communications within their applications. Users of SSL include 
business, government and services development organizations and 
independent software vendors (ISVs) . 
BSAFE Crypto -J 

RSA's BSAFE Crypto- J 2.0 builds on the success of its predecessor... 



18/3, K/2 (Item 2 from file: 621) 

DIALOG(R) File 621:IAC New Prod.Annou. (R) 

(c) 1998 Information Access Co. All rts. reserv. 

00722368 00722804 

SPYRUS and Terisa Systems Announce Strategic Partnership to Combine 
Cryptographic Toolkits, Protocols, and Applications; Cryptography, 
protocol, and application solutions are integrated to bring the security 
benefits of hardware cryptography to multiple protocols . 

Business Wire 

DATELINE: SAN FRANCISCO Jan 27, 1997 WORD COUNT: 1106 

...Secure HTTP is an interoperable extension of the World Wide Web f s 
existing HyperText Transfer Protocol that provides communication and 
transaction security for WWW clients and servers. SSL is a transport 



level security mechanism. 



...provider of high-assurance hardware 

cryptographic products that are Algorithm Agile (tm) and form factor 

independent . SPYRUS 1 products provide encryption , digital signature, 
access control, and metering solutions for Corporate IS, 
WWW/Internet and Intranet Applications... 

20/3 ,K/1 (Item 1 from file: 636) 

DIALOG (R) File 636:IAC Newsletter DB (TM) 

(c) 1998 Information Access Co. All rts. reserv. 

02932688 

NETSCAPE: Netscape announces Secure Courier — A digital envelope for 
securing Internet transactions 

M2 Presswire Oct 11, 1995 

WORD COUNT: 941 

PUBLISHER: M2 Communications 

...PC to the financial institution. In addition, Secure Courier enables 
consumer authentication for merchants. While secure channel protocols 
such as SSL encrypt data passing along the network between a client system 
and. . . 

... already have SSL-enabled products, which have been available since 
December 1994. SSLis application protocol- independent and provides 

encryption , which creates a secured channel to prevent others from 
tapping into the network; authentication, which. . . 



20/3, K/2 (Item 1 from file: 148) 

DIALOG (R) File 148:IAC Trade & Industry Database 
(c) 1998 Info Access Co. All rts. reserv. 

07995389 SUPPLIER NUMBER: 17277850 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

NETSCAPE ANNOUNCES SECURE COURIER - A DIGITAL ENVELOPE FOR SECURING 
FINANCIAL TRANSACTIONS ON THE INTERNET 

PR Newswire, p718LA031 
July 18, 1995 

LANGUAGE: English RECORD TYPE: Full text 

WORD COUNT: 793 LINE COUNT: 00087 

... PC to the financial institution. In addition, Secure Courier 

enables consumer authentication for merchants. While secure channel 
protocols such as SSL encrypt data passing along the network between a 
client system and. . . 

...have SSL-enabled products, which have been available since December 
1994. SSL is application protocol- independent and provides encryption , 
which creates a secured channel to prevent others from tapping into the 
network; authentication, which. 

22/3, K/l (Item 1 from file: 621) 

DIALOG(R) File 621:IAC New Prod. Annou . (R) 

(c) 1998 Information Access Co. All rts. reserv. 

00545674 00545674 

SCSI CONNECTIVITY LIMITATIONS SOLVED WITH NEW, HIGH SPEED ARCHITECTURE FROM 
VICOM SYSTEMS 

PR Newswire 

DATELINE: LAS VEGAS Nov 13, 1995 WORD COUNT: 668 
...using industry standard SCSI or SSA 

interfaces. With multiple simultaneous transmission rates of 
640Mbits per second / increased node - to-node distances and unlimited 



devices per channel, SLIC finally enables the promised benefits of... 
...SCSI and SSA products. "We expect a number of SLIC 

implementations will be as an independent communications protocol to 

take advantage of the 640Mbit per second transfer rate and its 
support of simultaneous... 

...high performance communications environments 
independent of LANs, WANs or other networks and is the only 

communications protocol that supports simultaneous transmissions. 
SLIC incorporates advanced SCSI features such as command processing, 
tagged queuing. . . 

24/3 ,K/1 (Item 1 from file: 15) 

DIALOG ( R) File 15 :ABI/ INFORM ( R) 
(c) 1998 UMI. All rts. reserv. 

01520486 01-71474 
Standards promise safe, secure data transmission 

Harler, Curt 

Managing Office Technology v42n5 PP: 18 May 1997 
ISSN: 1070-4051 JRNL CODE: MOP 

AVAILABILITY: Fulltext online. Photocopy available from ABI/INFORM 1402.02 
WORD COUNT: 608 

ABSTRACT: In networking, PICA (Platform-Independent Cryptography API) is 
an emerging standard that will let businesses send data securely over wide 
area . . . 

...or the Internet. The announcement that Apple, IBM, JavaSoft, Motorola, 
Netscape, Nortel, Novell, RSA Data Security , and Silicon Graphics will 
all support PICA as a cryptography API should move data security ahead 
by leaps and bounds. Driving cryptography are 4 business needs: 1. 
confidentiality, 2. integrity, 3. authentication, 4. non- repudiation or 
proof. . . 

...TEXT: are cute critters which zip around boulders and charm climbers. In 
networking, PICA (Platform-Independent Cryptography API) is an emerging 
standard that will let businesses send data securely over wide area... 

...or the Internet. 

The announcement that Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, 
Novell, RSA Data Security , and Silicon Graphics will all support PICA as 
a cryptography API should move data security ahead by leaps and bounds , 
PICA addresses interoperability problems that arise as crypto technology 
moves into the mainstream software products of competing vendors. 

Jim Bidzos, president of RSA... 

...combine the best of all in an open standard. 

PICA will build bridges between differing crypto approaches to simplify 
the way different platforms use cryptography .. It will let developers 
introduce open, cross-platform, appli cat ion -independent security the 
same way that they introduce features like graphics, communications and 
networking protocols . 

Kathy Kincaid, director of security programs for IBM, says PICA allows 
adding security features like SSL (security socket layer) or DES (data 

encryption standard) to a host of applications, regardless of operating 
platform. "It will inspire confidence in. . . 

...securely, whether for E-mail, EDI or electronic commerce," she says. 

Four business needs drive cryptography : confidentiality; integrity, 
knowing the data was not changed in shipment; authentication, identifying 
both parties; and non-repudiation or proof of transaction. "PICA will do 
for security what HTML did for the Web," predicts Mike Homer, vice 



president of Netscape Communications, Mountain View, CA. Their client and 
server security infrastructure is built on Intel's CDSA (common data 
security architecture), another building block for PICA. 

Firms whose Internet and MIS plans are based on. . . 

... Our Novell Directory Services (NDS) represents the world's largest 
commercial use of public key cryptography and is available on multiple 
platforms. PICA will make it easier to provide secure solutions built on 
directory services." 

Microsoft is notable by its absence from PICA. Its security for Internet 
technologies can be found on its Internet Security Framework resources at 
www.microsoft.com/workshop/ prog/ security /. Microsoft promotes Code 
Signing Technology to reduce the risk of malicious code by identifying who 

...with. Microsoft's implementation of code signing is called Authenticode . 
Microsoft has an enhanced Java security model in Internet Explorer 4.0 to 
address applets that may work outside of Java. Microsoft is partnering with 
third-party vendors like Cisco by joining the Enterprise Security 
Alliance to develop standard security across networked clients, servers 
and infrastructure . 

Security products have one drawback: things get lost. How does a business 
recover a crypto key if it is destroyed? The Key Recovery Alliance 
— supported by Apple, Atalla, DEC, Groupe... 

... available to anyone. The key recovery process will support all existing 
key distribution schemes and encryption algorithms, Kincaid says. 

Author Affiliation: 

Curt Harler is a freelance technology writer and frequent contributor... 
DESCRIPTORS: Data encryption ; ... 
. . .Computer security ; 



24/3, K/2 (Item 2 from file: 15) 

DIALOG (R) File 15 :ABI /INFORM (R) 
(c) 1998 UMI. All rts. reserv. 

01163984 98-13379 
Net transaction security: A state of mind 

Kellner, Mark A 

CommunicationsWeek n597 PP: IA7, IA9 Feb 19, 1996 
ISSN: 0746-8121 JRNL CODE: CWE 

AVAILABILITY: Photocopy available from ABI/ INFORM 
Net transaction security: A state of mind 

. . .ABSTRACT: Web sites, there are several things to consider. One is the 
selection of a transport protocol : Private Communication Technology, 
Secure Sockets Layer or Secure-HyperText Transfer Protocol. Another is 
deciding whether to bypass a transport protocol for an independent 
security system, for example licensing RSA Data Security Inc.'s data 
security algorithms directly. For small mail-order companies, there is 
even a script they can add. . . 
COMPANY NAMES: 
RSA Data Security Inc 

DESCRIPTORS: Computer security ; ... 

. . . Data encryption 



24/3, K/3 



(Item 1 from file: 610) 



DIALOG (R) File 610: Business Wire 

(c) 1998 Business Wire . All rts . reserv. 

0634818 BW0556 

RSA DATA SECURITY : Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, 
Novell, RSA, and Silicon Graphics Announce PICA Cr yp to -Alliance; 
Building Upon RSA's PKCS Standards Process and Technology Submissions 
from Industry 

October 17, 1996 

Byline: Business Editors /Computer Writers 

RSA DATA SECURITY : Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, 
Novell, RSA, and Silicon Graphics Announce PICA Crypto -Alliance ; 
Building Upon RSA 1 s PKCS Standards Process and Technology Submissions 
from Industry 

...Silicon Graphics jointly announced their support for an effort 
code-named PICA, or "Platform-Independent Cryptography API." 

PICA(tm) builds on RSA's widely-adopted Public Key Cryptography 
Standards (PKCS) process and technology submissions from several . 
companies . 

The PICA alliance has been formed primarily to address potential 
interoperability problems that may arise as cryptographic technology 
moves into the mainstream software products of competing vendors. 
With open development meetings scheduled for later on this year, PICA 
vendors will attempt to "build bridges" between their differing 

crypto approaches, and will look for ways to simplify the way 
developers use cryptography on different platforms. 

The PICA specification will be designed to allow developers to 
introduce open, cross-platform, application independent security in 
the same way that they introduce other features like graphics, 

communications / and networking protocols . PICA should enable 
developers to add security features such as SSL, DES, and smartcards 
to electronic commerce, banking, EDI and other applications... 

. . .PICA 

will also be designed to make the task of developing differing 
domestic and exportable security requirements much easier. 

Jim Bidzos, RSA President, said, "The original PKCS group, with 
members including. . . 

...Graphics, Sun and many others, has been a place where competitors can 
work together on crypto specifications since its formation in 1991. 
"It is anticipated that the new PICA efforts will... 

...The industry-wide effort is an important step towards 
simplifying the way developers work with cryptography , " he continued 
"Once a niche application, sophisticated cryptography is making its 
way into even the seemingly most pedestrian Internet applications — 
and crypto is an important component in hot emerging segments such as 
electronic commerce, Internet EDI and electronic cash." 

"This is an exciting time for cryptography . The PICA effort will 
better enable IBM's SecureWay cryptographic infrastructure to provide 
a less complex, more modular way for developers to build applications 
which make the Internet safe for business," said Kathy Kincaid, 
Director of I/T Security Programs for IBM. 

"This will do for security what HTML did for the Web," said Mike 
Homer, VP Marketing for Netscape. "Netscape is happy to announce 
that our client and server security infrastructure is built on 
Intel 1 s CDSA, a potential building block for PICA. We selected... 

. . . support. " 

"The PICA alliance will make it easier for developers to provide 
customers with important security features such as privacy of 



communications, authentication of identity, and viable electronic 
commerce in a . . . 

...are encouraged to see the industry working with the PICA-PKCS 
process to establish Internet security specifications to offer an 
open standard, and we look forward to participating in the process to 
lead its impact on Java," said Li Gong, security architect at 
JavaSoft, a business unit of Sun Microsystems, Inc. 

"Our goal is to integrate strong security into all applications, 
ranging from commercial off-the-shelf to custom legacy applications," 
said Brad. . . 

...Networks. "Towards that end, Nortel will be contributing APIs 
developed for the Entrust family of encryption and key management 
products, as well as our experience gained with real world solutions, 
to. . . 

. . .Web FORCE Group Marketing Manager at Silicon 

Graphics, said "the recent proliferation of specifications in the 

cryptography arena has not been beneficial to our Web FORCE Internet 
Server customers or to the industry. . . 

. . .Our 

Novell Directory Services (NDS) represents the world's largest 
commercial use of public key cryptography and is available on 
multiple platforms. PICAA will make it easier for developers to 
provide. . . 

...provide to our 

customers," said Don Rothwell, vice president and director of 
Motorola's Information Security Operations. "PICA will allow 
exciting, new applications to reach the market more quickly than 
previously possible." 
About RSA 

RSA Data Security , Inc., a wholly owned subsidiary of Security 
Dynamics Technologies, Inc. (NASDAQ: SDTI), is the world's brand 
name for cryptography , with more than 75 million copies of RSA 

encryption and authentication technologies installed and in use 
worldwide. 

RSA technologies are part of existing and. . . 

...develops and markets platform-independent developer's kits 
and end-user products and provides comprehensive cryptographic 
consulting services. Founded in 1982 by the inventors of the RSA 
Public Key Cryptosystem , the company is headquartered in Redwood 
City, Calif. 
About Apple 

Apple Computer, Inc., a recognized... 

. . . http : //www. apple . com 
About IBM 

IBM's SecureWay brand is a comprehensive portfolio of security 
offerings. Whether addressing a specific requirement or creating a 
total ...networks. Additional information can be found on our 
SecureWay homepage at http://www.ibm.com security . 
About JavaSoft 

JavaSoft, headquartered in Cupertino, CA, is an operating company 
of Sun Microsystems Inc. . . 

...and systems for secure 

communications, Nortel has built a team of world-leading experts in 
cryptography , security architecture and international standards. 
Nortel's Enterprise Networks group provides custom-designed 
enterprise networks for. . . 
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Beyond Technology, What Online Companies Can Do To Reassure Customers - 
Net transaction security: A state of mind 

... Web sites, there are several things to consider. One is the 

selection of a transport protocol : Private Communication Technology, 
Secure Sockets Layer or Secure-HyperText Transfer Protocol (see sidebar) . 
Another is deciding whether to bypass a transport protocol for an 
independent security system, say, licensing RSA Data Security Inc. 's 
data security algorithms directly. 

For smaller businesses-for example, mail-order companies dwarfed by 
the catalog operations . . . 
...be used to process the order. 

At the same time, advocates and marketers of data-security products 
assert it is important to look beyond a given software code and move into 
a security consciousness. Unless businesses are aware of the various 
possibilities for computer-related crimes, more than... 

...Stewart, chief technology officer at back-office software provider Open 
Market Inc., in Cambridge, Mass. "Encryption is a tool that is trying to 
help you do those things, but it's... 

. . . less-than- honest employees at a given merchant, Stewart said. 

But there is a chance security could be breached before the 
transaction even is secured, he added, so companies should be... 

...about this kind of thing leads us not just to developing the current 
round of encryption , Stewart said, but toward other options, including 
smart cards, which he predicted will come online... 

...First you have a policy, then you have access control, then you have 
stuff like encryption / then you ! ve also got to have a feedback loop, 
such as audit trails and... 

...to software developer David Bodley at South Florida Mall in Miami, is 
to pinpoint where security breaches are likely to occur. He maintained 
that hacking individual messages is not very profitable... 

. . .marketing at eShop Inc. , an online shopping service based in San 
Mateo, Calif., settling the security question didn't lie in which 
security algorithm to use. Using both the Internet and X.25 dial-up 
services, eShop developed. . . 

...independently to provide access and process transactions. 

Rather than settling on one algorithm to ensure security , eShop 
instead licensed the Toolkit for Interoperable Privacy-Enhanced Messaging 
from RSA Data Security , in Redwood City, Calif. By encrypting messages, 
Weinstein said, eShop is able to offer a guarantee of security to its 
customers. "No matter how you access us, you're guaranteed secure 
transactions. If... 



...11 reimburse you. We tackled the perception issue straight on." (See 
story, page IA6.) 

How security is perceived is more important than the specific 
technology, Weinstein added. 

"Our personal focus is... 



...Agreeing with Bodley and Stewart, Weinstein said the transaction isn't 
the only area of security in which businesses should concentrate. 
"It's important that people use their heads when dealing... 
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One paper, s % The DCE Web Project, 1 1 is OSF ! s attempt to offer a 
secure, flexible communications channel for Web usage based on its DCE 
(Distributed Computing Environment) technology. At the show, OSF. . . 

...sent over DCE RPCs (remote procedure calls). In order to take full 
advantage of the security and location- independent naming features of 
the DCE Web project, you have to use OSF's modified Web... 

...access the DCE Web environment through a gateway, but can't take 
advantage of the security and naming features. Surf the OSF Research 
Institute's home page at http://riwww.osf... 
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Internet security: Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, 
Novell, RSA, and Silicon Graphics announce PICA crypto-alliance; 
building upon RSA's RKCS standards process and technology submission from 
industry. (Platform- Independent Cryptography API , RSA Data Security's 
Public Key Cryptography Standards) (Company Business and Marketing) 

TEXT: 

...Silicon Graphics jointly announced their support for an effort 
code-named PICA, or "Platform-Independent Cryptography API." 

PICA builds on RSA's widely-adopted Public Key Cryptography 
Standards (PKCS) process and technology submissions from several companies. 

The PICA alliance has been formed primarily to address potential 
interoperability problems that may arise as cryptographic technology 
moves into the mainstream software products of competing vendors. With open 
development meetings scheduled for later on this year, PICA vendors will 
attempt to "build bridges" between their differing crypto approaches, and 
will look for ways to simplify the way developers use cryptography on 
different platforms. 

The PICA specification will be designed to allow developers to 
introduce open, cross-platform, application independent security in the 



same way that they introduce other features like graphics, communications 
, and networking protocols . PICA should enable developers to add 
security features such as SSL, DES, and smartcards to electronic commerce, 
banking, EDI and other applications... 

...PICA will also be designed to make the task of developing differing 
domestic and exportable security requirements much easier. 

Jim Bidzos, RSA President, said, "The original PKCS group, with 
members including. . . 

...Graphics, Sun and many others, has been a place where competitors can 
work together on crypto specifications since its formation in 1991. 
"It is anticipated that the new PICA efforts will... 

...The industry-wide effort is an important step towards simplifying the 
way developers work with cryptography , " he continued "Once a niche 
application, sophisticated cryptography is making its way into even the 
seemingly most pedestrian Internet applications — and crypto is an 
important component in hot emerging segments such as electronic commerce, 
Internet EDI and electronic cash." 

"This is an exciting time for cryptography . The PICA effort will 
better enable IBM's SecureWay cryptographic infrastructure to provide a 
less complex, more modular way for developers to build applications which 
make the Internet safe for business," said Kathy Kincaid, Director of I/T 
Security Programs for IBM. 

"This will do for security what HTML did for the Web," said Mike 
Homer, VP Marketing for Netscape. "Netscape is happy to announce that our 
client and server security infrastructure is built on Intel's CDSA, a 
potential building block for PICA. We selected. . . 

. . . support . " 

"The PICA alliance will make it easier for developers to provide 
customers with important security features such as privacy of 
communications, authentication of identity, and viable electronic commerce 
in a. . . 

...are encouraged to see the industry working with the PICA-PKCS process to 
establish Internet security specifications to offer an open standard, and 
we look forward to participating in the process to lead its impact on 
Java," said Li Gong, security architect at JavaSoft, a business unit of 
Sun Microsystems, Inc. 

"Our goal is to integrate strong security into all applications, 
ranging from commercial off-the-shelf to custom legacy applications," said 
Brad. . . 

...Networks. "Towards that end, Nortel will be contributing APIs developed 
for the Entrust family of encryption and key management products, as well 
as our experience gained with real world solutions, to... 

. . .WebFORCE Group Marketing Manager at Silicon Graphics, said "the recent 
proliferation of specifications in the cryptography ' arena has not been 
beneficial to our WebFORCE Internet Server customers or to the industry. . . 

...Our Novell Directory Services (NDS) represents the world's largest 
commercial use of public key cryptography and is available on multiple 
platforms. PICAA will make it easier for developers to provide... 
...provide to our customers," said Don Rothwell, vice president and 
director of Motorola's Information Security Operations. "PICA will allow 
exciting, new applications to reach the market more quickly than previously 
possible . 11 

RSA Data Security , Inc., a wholly owned subsidiary of Security 
Dynamics Technologies, Inc., is the world's brand name for cryptography , 
with more than 75 million copies of RSA encryption and authentication 
technologies installed and in use worldwide. 

RSA technologies are part of existing and... 

...develops and markets platform-independent developer's kits and end-user 



products and provides comprehensive cryptographic consulting services. 
Founded in 1982 by the inventors of the RSA Public Key Cryptosystem , the 
company is headquartered in Redwood City, Calif. 

Apple Computer, Inc., a recognized innovator in... 

...Wide Web: http://www.apple.com 

IBM's SecureWay brand is a comprehensive portfolio of security 
offerings. Whether addressing a specific requirement or creating a total 
end-to-end solution, IBM http://www.ibm.com/security . 

JavaSoft, headquartered in Cupertino, CA, is an operating company of 
Sun Microsystems Inc. The company. . . 

...and systems for secure communications, Nortel has built a team of 
world-leading experts in cryptography , security architecture and 
international standards. 

Nortel's Enterprise Networks group provides custom-designed enterprise 
networks for. . . 

...COMPANY NAMES: RSA Data Security Inc.. 
...DESCRIPTORS: Encryption ; ... 

...Data Security Issue 
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... to calculate the most efficient path to other routers over the 

Internet. Version 2 adds Cryptographic authentication, allowing any 
"Keyed Message Digest" algorithm to be used. 
RIP Version II: Routing Information... 

...handle secure payment with bank cards over nonsecure data transports 
such as the Internet. 

Internet Security Standards at a Glance 

PCT: Private Communi cation Technology Protocol . PCT is designed to 
provide privacy between two communicating applications (a client and a 
server. . . 

...TCP) for data transmission and reception. 

SHTTP: Secure Hypertext Transport Protocol. Extension of HTTP 
providing independently applicable security services for transaction 
confidentiality, authenticity/integrity, and non-repudiability of origin. 

SSL: Secure Sockets Layer. . . 
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Network connectivity gains momentum, (includes related article on data 
security standards) (Cover Story) 

each user thinking that his or her application is mission-critical, 
and suddenly reliability and security loom large on the importance scale. 
What's more, all the users need to be... ISDN association, of which it is a 
founding member) to develop ISDN technology for home security systems. 
With current home security systems, if someone cuts a telephone line, 
there is no way for security professionals to know if a home has been 
invaded. By using an ISDN D-channel that constantly polls for data, 
security companies will have the ability to know immediately when a phone 
line is cut. 
ISDN... 

...are cute critters which zip around boulders and charm climbers. In 
networking, PICA (Platform-Independent Cryptography API) is an emerging 
standard that will let businesses send data securely over wide area... 

...or the Internet. 

The announcement that Apple, IBM, JavaSoft, Motorola, Netscape, 
Nortel, Novell, RSA Data Security , and Silicon Graphics will all support 
PICA as a cryptography . API should move data security ahead by leaps and 
bounds. PICA addresses inter-operability problems that arise as crypro 
technology. . . 

...combine the best of all in an open standard. 

PICA will build bridges between differing crypto approaches to 
simplify the way different platforms use cryptography . It will let 
developers introduce open, cross-platform, appli cat ion- independent 
security the same way that they introduce features like graphics, 
communications and networking protocols . 

Kathy Kincaid, director of security programs for IBM, says PICA 
allows adding security features like SSL (security socket layer) or DES 

(data encryption standard) to a host of applications, regardless of 
operating platform. "It will inspire confidence in... 

...securely, whether for E-mail, EDI or electronic commerce, 11 she says. 

Four business needs drive cryptography : confidentiality; integrity, 
knowing the data was not changed in shipment; authentication, identifying 
both parties; and non-repudiation or proof of transaction. "PICA will do 
for security what HTML did for the Web, 11 predicts Mike Homer, vice 
president of Netscape Communications, Mountain View, CA. Their client and 
server security infrastructure is built on Intel's CDSA (common data 
security architecture) , another building block for PICA. 

Firms whose Internet and MIS plans are based on. . . 

...Our Novell Directory Services (NDS) represents the world's largest 
commercial use of public key cryptography and is available on multiple 
platforms. PICA will make it easier to provide secure solutions built on 
directory services." 

Microsoft is notable by its absence from PICA. Its security for 
Internet technologies can be found on its Internet Security Framework 
resources at www.microsoft.com/workshop/prog/security /. Microsoft 
promotes Code Signing Technology to reduce the risk of malicious code by 
identifying who. . . 

...with. Microsoft's implementation of code signing is called Authenticode . 
Microsoft has an enhanced Java security model in Internet Explorer 4 . 0 to 
address applets that may work outside of Java. Microsoft is partnering with 
third-party vendors like Cisco by joining the Enterprise Security 
Alliance to develop standard security across networked clients, servers 
and infrastructure. 

Security products have one drawback: things get lost. How does a 
business recover a crypro key. . . 

...available to anyone. The key recovery process will support all existing 
key distribution schemes and encryption algorithms, Kincaid says. 

Curt Harler is a freelance technology writer and frequent contributor 
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Internet Security : Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, 
Novell, RSA, and Silicon Graphics Announce PICA Crypto-Alliance; 
Building Upon RSA's PKCS Standards Process and Technology Submissions 
from Industry 

Silicon Graphics jointly announced their support for an effort 
code-named PICA, or "Platform-Independent Cryptography API." 

PICA builds on RSA's widely-adopted Public Key Cryptography Standards 
(PKCS) process and technology submissions from several companies. 

The PICA alliance has been formed primarily to address potential 
interoperability problems that may arise as cryptographic technology 
moves into the mainstream software products of competing vendors. With open 
development meetings scheduled for later on this year, PICA vendors will 
attempt to "build bridges" between their differing crypto approaches, and 
will look for ways to simplify the way developers use cryptography on 
different platforms. 

The PICA specification will be designed to allow developers to introduce 
open, cross-platform, application independent security in the same way 
that they introduce other features like graphics, communications , and 
networking protocols . PICA should enable developers to add security 
features such as SSL, DES, and smartcards to electronic commerce, banking, 
EDI and other applications... 

. . . PICA will also be designed to make the task of developing differing 
domestic and exportable security requirements much easier. 

Jim Bidzos, RSA President, said, "The original PKCS group, with members 
including. . . 

... Graphics, Sun and many others, has been a place where competitors can 
work together on crypto specifications since its formation in 1991. 
"It is anticipated that the new PICA efforts will... 

. . . The industry-wide effort is an important step towards simplifying the 
way developers work with cryptography , " he continued "Once a niche 
application, sophisticated cryptography is making its way into even the 
seemingly most pedestrian Internet applications — and crypto is an 
important component in hot emerging segments such as electronic commerce, 
Internet EDI and electronic cash." 

"This is an exciting time for cryptography . The PICA effort will better 
enable IBM's SecureWay cryptographic infrastructure to provide a less 
complex, more modular way for developers to build applications which make 
the Internet safe for business," said Kathy Kincaid, Director of I/T 
Security Programs for IBM. 

"This will do for security what HTML did for the Web," said Mike Homer, 
VP Marketing for Netscape. "Netscape is happy to announce that our client 



and server security infrastructure is built on Intel's CDSA, a potential 
building block for PICA. We selected. . . 

. . . support. 11 

"The PICA alliance will make it easier for developers to provide customers 
with important security features such as privacy of communications, 
authentication of identity, and viable electronic commerce in a... 

...are encouraged to see the industry working with the PICA-PKCS process to 
establish Internet security specifications to offer an open standard, and 
we look forward to participating in the process to lead its impact on 
Java, " said Li Gong, security architect at JavaSoft, a business unit of 
Sun Microsystems, Inc. 

"Our goal is to integrate strong security into all applications, ranging 
from commercial off-the-shelf to custom legacy applications," said Brad... 

... Networks. "Towards that end, Nortel will be contributing APIs developed 
for the Entrust family of encryption and key management products, as well 
as our experience gained with real world solutions, to... 

... WebFORCE Group Marketing Manager at Silicon Graphics, said "the recent 
proliferation of specifications in the cryptography arena has not been 
beneficial to our WebFORCE Internet Server customers or to the industry. . . 

... Our Novell Directory Services (NDS) represents the world's largest 
commercial use of public key cryptography and is available on multiple 
platforms. PICAA will make it easier for developers to provide... 

... provide to our customers," said Don Rothwell, vice president and 
director of Motorola's Information Security Operations. "PICA will allow 
exciting, new applications to reach the market more quickly than previously 
possible." 

RSA Data Security / Inc., a wholly owned subsidiary of Security Dynamics 
Technologies, Inc., is the world's brand name for cryptography , with more 
than 75 million copies of RSA encryption and authentication technologies 
installed and in use worldwide. 

RSA technologies are part of existing and. . . 

... develops and markets platform-independent developer's kits and end-user 
products and provides comprehensive cryptographic consulting services. 
Founded in 1982 by the inventors of the RSA Public Key Cryptosystem , the 
company is headquartered in Redwood City, Calif. 

Apple Computer, Inc., a recognized innovator in... 
...Wide Web: http://www.apple.com 

IBM's SecureWay brand is a comprehensive portfolio of security offerings. 
Whether addressing a specific requirement or creating a total end-to-end 
solution, IBM... networks. Additional information can be found on our 
SecureWay homepage at http://www.ibm.com security . 

JavaSoft, headquartered in Cupertino, CA, is an operating company of Sun 
Microsystems Inc. The company. . . 

. . . and systems for secure communications, Nortel has built a team of 
world-leading experts in cryptography , security architecture and 
international standards. 

Nortel's Enterprise Networks group provides custom-designed enterprise 
networks for. . . 

...COMPANY NAMES (DIALOG GENERATED): Development ; Cray ; Enterprise 
Networks ; EDI ; IBM ; IEEE ; ISO ; IT4 ; JavaSoft ; Lotus ; Microsoft ; 
Motorola 's Information Security ; Netscape Communications Corporation ; 



Nortel Secure Networks ; Novell ; NDS ; Our Novell Directory Services ; 
PICA Alliance ; RSA Data Security Inc ; Security Dynamics Technologies 
Inc ; Silicon Graphics Inc ; Sun Microsystems Inc ; Web FORCE Group 
Marketing ; World Wide Web 
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M2 PRESSWIRE-18 October 1996-RSA DATA SECURITY : Announcing a PICA crypto 
-alliance — With Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell, 
RSA, and Silicon Graphics (C)1994... 

Silicon Graphics jointly announced their support for an effort 
code-named PICA, or "Platform-Independent Cryptography API." PICA builds 
on RSA 1 s widely-adopted Public Key Cryptography Standards (PKCS) process 
and technology submissions from several companies. 

The PICA alliance has been formed primarily to address potential 
interoperability problems that may arise as cryptographic technology 
moves into the mainstream software products of competing vendors. With open 
development meetings scheduled for later on this year, PICA vendors will 
attempt to "build bridges" between their differing crypto approaches, and 
will look for ways to simplify the way developers use cryptography on 
different platforms. 

The PICA specification will be designed to allow developers to introduce 
open, cross-platform, application independent security in the same way 
that they introduce other features like graphics, communications , and 
networking protocols . PICA should enable developers to add security 
features such as SSL, DES, and smartcards to electronic commerce, banking, 
EDI and other applications... 

. . . PICA will also be designed to make the task of developing differing 
domestic and exportable security requirements much easier. 

Jim Bidzos, RSA President, said: "The original PKCS group, with members 
including . . . 

... Graphics, Sun and many others, has been a place where competitors can 
work together on crypto specifications since its formation in 1991. "It 
is anticipated that the new PICA efforts will... 

. . . The industry-wide effort is an important step towards simplifying the 
way developers work with cryptography , " he continued "Once a niche 
application, sophisticated cryptography is making its way into even the 
seemingly most pedestrian Internet applications — and crypto is an 
important component in hot emerging segments such as electronic commerce, 
Internet EDI and electronic cash." 

"This is an exciting time for cryptography . The PICA effort will better 
enable IBM ! s SecureWay cryptographic infrastructure to provide a less 
complex, more modular way for developers to build applications which make 
the Internet safe for business," said Kathy Kincaid, Director of I/T 
Security Programs for IBM. 

"This will do for security what HTML did for the Web," said Mike Homer, 
VP Marketing .for Netscape. "Netscape is happy to announce that our client 
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IBM JOINS APPLE , RSA, NETSCAPE IN PICA CRYPTO -ALLIANCE 

INTEROPERABILTY AND CRYPTOGRAPHY : IBM, Apple, JavaSoft, Motorola, 
Netscape, Nortel, Novell, RSA, and Silicon Graphics jointly announced 
support for an effort code-named PICA, or "Platform-Independent 
Cryptography API . " 

PICA builds on RSA's Public Key Cryptography Standards (PKCS) process and 
technology submissions from several companies. 

The PICA alliance has been formed primarily to address potential 
interoperability problems that may arise as cryptographic technology 
moves into the mainstream software products of competing vendors. With open 
development meetings scheduled for later on this year, PICA vendors will 
attempt to "build bridges" between their differing crypto approaches, and 
will look for ways to simplify the way developers use cryptography on 
different platforms. 

The PICA specification will be designed to allow developers to introduce 
open, cross-platform, application independent security in the same way 
that they introduce other features like graphics, communications , and 
networking protocols . PICA should enable developers to add security 
features such as SSL, DES, and smartcards to electronic commerce, banking, 
EDI and other applications... 

. . . PICA will also be designed to make the task of developing differing 
domestic and exportable security requirements much easier. 

"This is an exciting time for cryptography , " said Kathy Kincaid, Director 
of I/T Security Programs for IBM. "The PICA effort will better enable 
IBM's SecureWay cryptographic infrastructure to provide a less complex, 
more modular way for developers to build applications which. . . 
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Beyond Technology, What Online Companies Can Do To Reassure Customers: Net 
transaction security: A state of mind 

... Web sites, there are several things to consider. One is the 
selection of a transport protocol : Private Communication Technology, 
Secure Sockets Layer or Secure-HyperText Transfer Protocol (see sidebar) . 



Another is deciding whether to bypass a transport protocol for an 

independent security system, say, licensing RSA Data Security Inc. 's 
data security algorithms directly. 

For smaller businesses — for example, mail-order companies dwarfed by 
the catalog operations. . . 

...be used to process the order. 

At the same time, advocates and marketers of data-security products 
assert it is important to look beyond a given software code and move into a 
security consciousness. Unless businesses are aware of the various 
possibilities for computer-related crimes, more than... 

. . . Stewart, chief technology officer at back-office software provider Open 
Market Inc., in Cambridge, Mass. "Encryption is a tool that is trying to 
help you do those things, but it's... 

. . . less-than-honest employees at a given merchant, Stewart said. 

But there is a chance security could be breached before the 
transaction even is secured, he added, so companies should be... 

. . . about this kind of thing leads us not just to developing the current 
round of encryption , Stewart said, but toward other options, including 
smart cards, which he predicted will come online... 

...Web sites, there are several things to consider. One is the 
selection of a transport protocol : Private Communication Technology, 
Secure Sockets Layer or Secure-HyperText Transfer Protocol (see sidebar) . 
Another is deciding whether to bypass a transport protocol for an 
independent security system, say, licensing RSA Data Security Inc. 's 
data security algorithms directly. 

For smaller businesses — for example, mail-order companies dwarfed by 
the catalog operations... 

...be used to process the order. 

At the same time, advocates and marketers of data-security products 
assert it is important to look beyond a given software code and move into a 

security consciousness. Unless businesses are aware of the various 
possibilities for computer-related crimes, more than... 

...Stewart, chief technology officer at back-office software provider Open 
Market Inc., in Cambridge, Mass. "Encryption is a tool that is trying to 
help you do those things, but it's... 

...less-than-honest employees at a given merchant, Stewart said. 

But there is a chance security could be breached before the 
transaction even is secured, he added, so companies should be. . . 
...about this kind of thing leads us not just to developing the current 
round of encryption , Stewart said, but toward other options, including 
smart cards, which he predicted will come online. . . 

...First you have a policy, then you have access control, then you have 
stuff like encryption , then you've also got to have a feedback loop, such 
as audit trails and. 

...to software developer David Bodley at South Florida Mall in Miami, is to 
pinpoint where security breaches are likely to occur. He maintained that 
hacking individual messages is not very profitable. . . 

...marketing at eShop Inc., an online shopping service based in San Mateo, 
Calif., settling the security question didn't 1 ie in which security 
algorithm to use. Using both the Internet and X.25 dial-up services, eShop 
developed. . . 

...independently to provide access and process transactions. 

Rather than settling on one algorithm to ensure security / eShop 
instead licensed the Toolkit for Interoperable Privacy-Enhanced Messaging 
from RSA Data Security , in Redwood City, Calif. By encrypting messages, 
Weinstein said, eShop is able to offer a guarantee of security to its 



customers. "No matter how you access us, you're guaranteed secure 
transactions. If . . . 

...11 reimburse you. We tackled the perception issue straight on." (See 
story, page IA6. ) 

How security is perceived is more important than the specific 
technology, Weinstein added. 

"Our personal focus is... 

...Agreeing with Bodley and Stewart, Weinstein said the transaction isn't 
the only area of security in which businesses should concentrate. 
"It's important that people use their heads when dealing... 
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THE FC-1000 SERIES FROM EFM OFFERS ULTIMATE IN USER FLEXIBILITY 

News Release October 17, 1988 p. 1 

...specifications. The EFM series of FC-1000 systems come complete with 
keypad selectable RS-232C communications protocol and two analog and 
pulse outputs per channel. Each unit has an LCD which displays volumetric 
flow data and temperature as well as cumulative totals for both 

independent channels. The security features of the FC-1000 are unique 
to the system. They include protection of all... 
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Implementation of the comprehensive integrated security system for 
computer networks. (3rd Joint European Networking Conference) 

Muftic, Sead 

Computer Networks and ISDN Systems, v25, n4-5, p469(7) 
Nov, 1992 

ISSN: 0169-7552 LANGUAGE: ENGLISH RECORD TYPE: ABSTRACT 

Implementation of the comprehensive integrated security system for 
computer networks. (3rd Joint European Networking Conference) 

ABSTRACT: The comprehensive integrated security system (CISS) was 
developed to provide computer system protection model for information 
management applications. CISS was based on the International Organization 
for Standardization/Open Systems Interconnection (ISO/OSI) Security 
Architecture model and complies with TCP/IP communications protocol 
recommendations. The model provides for an efficient and 

operating-environment-independent security applications and components. 

...DESCRIPTORS: Safety and security measures... 
. . . Security systems 
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Crypt analysis and protocol failures 

Simmons , Gustavus J 

Communications of the ACM v37nll PP: 56-65 Nov 1994 
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AVAILABILITY: Fulltext online. Photocopy available from ABI/ INFORM 12688.01 
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...TEXT: system to the server along with a request for the server to set up 
a secure channel to B. The server contacts B, who generates a (random) 
session key and encrypts it. . . 

. . . other subscriber, C, who has eavesdropped on the three ciphers involved 
in setting up the secure channel between A and B can easily recover the 
session key they are using. This requires... 

... in advance that whenever D receives a request from the server to set up 
a secure channel with C, D will return a session key known to C. This 
means not that. . . 

. . .mod n)mod n, 

and send it to the server with a request that a secure channel be set 
up between C and D. In preparation for later use, C computes r. . .detection. 
All of this has taken place in the time required to set up a secure 

channel on the net, and has been unconditionally concealed from detection 
by the server. It might... 

. . . the three ciphers that passed over the channel in the course of setting 
up the secure (?) channel between A and B. What C has done is to use 
the protocol to trick... of the "don't care" states as are useful can be 
included in the simplification process . In the second example based on 
the Simmons protocol, the covert channel for B might well have been... 



26/3, K/2 (Item 2 from file: 15) 

DIALOG (R) File 15 : ABI/ INFORM (R) 
(c) 1998 UMI. All rts. reserv. 

00759575 94-08967 

A public key extension to the Common Cryptographic Architecture 

Le, An V; Matyas, Stephen M; Johnson, Donald B; Wilkins, John D 
IBM Systems Journal v32n3 PP: 461-485 1993 
ISSN: 0018-8670 JRNL CODE: ISY 

AVAILABILITY: Fulltext online. Photocopy available from ABI /INFORM 3072.00 
WORD COUNT: 16326 

...TEXT: eliminated the need to transport secret keys between communicating 
parties in order to establish a secure channel . ■ When a pair of users A 
and B wishes to establish a secure channel , each user sends his or her 
public key to the other over the open channel... 

... and economical using a simple, widely known protocol. When a device 
wishes to establish a secure channel , it first generates a public and 
private key pair. The public key is sent to ... appearance of randomness in 
the encrypted value of K. The long control vector C is first processed 
by a hashing function h to produce a 128-bit vector H = h(C). The... 
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Internet Privacy Enhanced Mail 

Kent, Stephen T 

Communications of the ACM v36n8 PP: 48-60 Aug 1993 
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AVAILABILITY: Fulltext online. Photocopy available from ABI /INFORM 12688.01 
WORD COUNT: 9143 

...TEXT: encoding is employed for this field as is applied to the message 
content) . 



ENCRYPTION 



The second PEM processing step also provides message encryption, if 
selected by the originator. This processing is performed only ... implying 
that the user holds a public key obtained through some out-of-band, 
integrity secure channel (not through an untrusted network) . 

A certificate, like a credit card, does not remain valid. . . 
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Securing E-Mail With Encryption: PGP and ViaCrypt PGP security methods are 
the standards to go by 

Lan Times September 25, 1995; Pg 138; Vol. 12, No. 19 
Journal Code: LAN ISSN: 1040-5917 

Section Heading: Hands-On 

Word Count: 1,391 *Full text available in Formats 5, 7 and 9* 

BYLINE: 
Al Berg 

TEXT: 

...known to third parties is difficult — the key usually has to be sent over 
a secure channel and a lot of extra security precautions are needed. 

The RSA algorithm used by PGP. . . 

...only to the key owner. 

Users create their two keys when running PGP for the first time. This 
process takes less than 10 minutes. 

Once users have created a key set, they need to. . . 
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AN OVERVIEW OF CRYPTOGRAPHY: Technology provides network privacy 

Lan Times February, 1990; Pg 100; Vol. VII, Issue II 
Journal Code: LAN ISSN: 1040-5917 

Section Heading: Network Technology 

Word Count: 2,611 *Full text available in Formats 5, 7 and 9* 

BYLINE: 

D. JAMES BIDZOS AND BURT S. KALISKI JR. 
TEXT: 

. . . How does the originating party transmit the secret key to the other 
party, since no secure channel exists at his or her point? This problem 
compounds when the communicating parties number in. . . less than 250 
milliseconds . 

Note that in the authentications protocol described above, the 1.5- 
second signature process is required only upon login by the user, and, 
although done only once, can be. . . 
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A new way to upgrade SCAD A 

Komisarek, Jim; Blecke, Charles 

Transmission & Distribution v47nl3 PP: 30-36 Dec 1995 
ISSN: 0041-1280 JRNL CODE: TMD 

AVAILABILITY: Fulltext online. Photocopy available from ABI/INFORM 12343.02 
WORD COUNT: 1730 

...TEXT: that takes advantage of the unique ciual-processing architecture 
inherent in the M4RTU. While a second processor performs I/O 

interfacing and control of signals from the substation, the M4RTU , s high... 

... Redac 70H. The flexibility of the Opto 22 system also frees WPS to 
change EMS communications protocol in the future. 

Man-Machine Interface 

WPS developed the operator interface with the Mistic MMI . . . 
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Digital signatures: Signing and notarizing electronic forms 

Theofanos, Mary F; Phillips, John T 

Records Management Quarterly v28n2 PP: 18-22+ Apr 1994 
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AVAILABILITY: Fulltext online. Photocopy available from ABI/INFORM 6778.00 
WORD COUNT: 3587 

...TEXT: ID), date/time stamp, and document ID, followed by encryption of 
this information. A secure communications protocol based on the 

Kerberos method for authentication, authorization, and accounting on a 
network was used to protect the information during the signature generation 
process • The second level of authentication provides a notary ability, 
similar to a notary in the paper world. . . 
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Service designs for quality: Integrated-process necessity 
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...TEXT: redesign their services by challenged fundamental tradeoff 
assumptions about dependability, efficiency, flexibility, and service 
quality. 

Second , the integrated process of modeling provides a forum for 
communicating and debating assumptions, and a communication protocol 
for doing so. So, it enables learning, and improves judgment and intuition 
(Senge, 1990) . The. . . 
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DSP May Spell Relief for Urban Cellular Congestion 



Cox, Steve; Fine, Bob 

Telephony v220n9 PP: 18-26 Mar 4, 1991 
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AVAILABILITY: Photocopy available from ABI/ INFORM 1108.00 
WORD COUNT: 2298 

...ABSTRACT: the problems in overpopulated mobile telephone systems. In a 
digital system, the speech signal is first processed digitally by 
compression algorithms and error correction techniques. The resulting 
information is used to modulate... 

... the late 1980s, a standards group, Groupe Special Mobile, was formed to 
select a standard communications protocol for the proposed pan-European 
system. 
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LANs throttle up to meet broader applications 

RAY WEISS 
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RECORD TYPE: Fulltext 
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by Larry Green, a key figure at Silicon Graphics. Protocol Engines 
aims to speed up coinirruni cations protocol processing by taking a 
two-pronged approach to minimizing protocol processing overhead. 

First / its designers are defining a compressed protocol. The 
express transport protocol (XTP) simplifies the earlier... 
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SCSI CONNECTIVITY LIMITATIONS SOLVED WITH NEW, HIGH SPEED ARCHITECTURE FROM 
VICOM SYSTEMS 

PR Newswire 

DATELINE: LAS VEGAS Nov 13, 1995 WORD COUNT: 668 
...using industry standard SCSI or SSA 

interfaces. With multiple- simultaneous transmission rates of 
640Mbits per second , increased node - to-node distances and unlimited 
devices per channel, SLIC finally enables the promised benefits of... 

...and SSA products. "We expect a number of SLIC 

implementations will be as an independent communications protocol to 

take advantage of the 640Mbit per second transfer rate and its 
support of simultaneous... 

. . .high performance communications environments 
independent of LANs, WANs or other networks and is the only 

communications protocol that supports simultaneous transmissions. 
SLIC incorporates advanced SCSI features such as command processing, 
tagged queuing. . . 
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VMEbus Dual Processor Single Board Computer Delivers 10 MIPS for Real-time 
and Telecommunication Functions 

News Release 

DATELINE: Pittsburgh, PA May 11, 1992 WORD COUNT: 937 
...ideal for real-time 

embedded applications, based on the functionality of its 68EC030 
microprocessor. The second processor — a 68302 intelligent 
multiprotocol processor (IMP) — offers efficient data 
communications, including network communications control. "A... 

...a smart universal protocol controller, handling I/O for 
virtually all synchronous and asynchronous data communications 

protocols in ISDN, X.25 and Fieldbus environments. 
Meanwhile, the 68EC030 handles I/O and processing. . . 



28/3, K/8 (Item 3 from file: 621) 

DIALOG(R) File 621:IAC New Prod. Annou. (R) 

(c) 1998 Information Access Co. All rts. reserv. 

00275122 00275122 

BANYAN AND COMPAQ TEAM UP TO DELIVER POWERFUL PC NETWORK SOLUTION 

News Release 

DATELINE: DALLAS, TX September 11, 1990 WORD COUNT: 1653 
. . .mail gateways 

-SNA, bisynch, and asynch terminal emulation 

-TCP/IP, X.25, Apple talk, and other communications protocols 

This consolidation yields two key benefits: A reduced investment in 
LAN hardware and complexity; and. . . 

...server to support their user communities. As the network 

grows, customers can simply add the second processor (in the case of 

the SYSTEMPRO) in order to increase the capacity and performance of... 



28/3, K/9 (Item 4 from file: 621) 

DIALOG(R) File 621:IAC New Prod. Annou. (R) 

(c) 1998 Information Access Co. All rts. reserv. 

00212241 00212241 

AT&T INTRODUCES DEFINITY 75/85 COMMUNICATIONS SYSTEM 

PR Newswire 

DATELINE: WASHINGTON, DC February 6, 1989 WORD COUNT: 1014 

...on common port hardward for line connections, DEFINITY 75/85 
Communications System offers customers two processor options. The 

first option, called DEFINITY Generic 1, is for intermediate-sized 
businesses. The second option, called DEFINITY... 

. . .the DEFINITY 

family. The company added two new sets to its 7400 series of Digital 

Communications Protocol (DCP) terminals. DCP has successfully 
brought AT&T customers advanced ISDN-like functions since 1984... 
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PLEXUS COMPUTERS INTRODUCES XDP SYSTEM INTEGRATING NUMEROUS TYPES OF 
BUSINESS INFORMATION 

DATELINE: San Jose, CA March 30, 1987 WORD COUNT: 1212 

...March 30, 1987 — Plexus (R) Computers, Inc., today 
introduced the Plexus XDP (TM) Extended Data Processing System, the 
first comprehensive commercial computer system that integrates and 
manages diverse types of data and peripherals. 
The. . .devices; shared laser printers; an optical 
character recognition device; and support for industry-standard 
network communications protocols . All are available from Plexus . 
Sales and Service 

Prices for Plexus XDP Systems range from. . . 
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DATELINE: IRVINE, CA November 7, 1986 WORD COUNT: 673 

...success next year and beyond." 

The POWER 6/32S at 5 MIPS (million of instructions processed per 

second ) is field upgradeable to the 8-MIPS POWER 6/32SX. A single 
system offers connectivity. . . 

...Th.e new systems are also the first to incorporate CCI ! s new MPCC 
(Multi-Protocol Communications Controller) . This controller permits 
concurrent use of asynchronous, bisynchronous, and bit-oriented 
protocols, and provides... 
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DATELINE: New York, NY September 11, 1985 WORD COUNT: 1437 
. . . first automated quotation 

display; the first voice response system for the American Stock 
Exchange; the first desktop distributed processing system for on-line 
quotes; the first electronic stock market for NASD; and the first... 

...to open its network 

architecture to office automation systems from vendors that support 
industry-standard communication protocols . Resulting from IBM's 
dominant force in the office automation market, Bunker Ramo will 
provide . . . 
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RISC champions challenge Moto in embedded control. (RISC vendors challenge 
Motorola's 68000 CISC processor in embedded control systems) (includes 
related articles on Clearpoint Research's Little Dipper multiport media 
access control learning bridge router and on when to use a RISC-based 
processor in an embedded system) (Cover Story) 

Child, Jeff; Wilson, Dave 

Computer Design, v30, nl3, p98(9) 

Oct, 1991 

DOCUMENT TYPE: Cover Story ISSN: 0010-4566 LANGUAGE: ENGLISH 

RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 5417 LINE COUNT: 00416 

system. Three of them are used together with a custom coprocessor 
simply to perform video processing . The first i960CA is used to 
calculate different information between video frames. The second controls 
the discrete. . . 

...additional i960CA processor acts as the communications multiplexer and 
implements the CCITT standard H.221 communications protocol . The 
i960CAs are front-ended by an Intel 386 so that the user can teleconference 
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Printer sharing made simple. (Hands-on) (tutorial) 

Rosen, Winn L. 
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WORD COUNT: 2330 LINE COUNT: 00179 

time to print a file. 
Readying your serial port for printing is a two-step process . 
First / set its speed and other communications protocol parameters, 
then redirect print commands to the port. Remember, you must set the 
communications parameters. . . 
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Control network keeps nodes simple. 
Bursky, Dave 

Electronic Design, v38, n23, pl39(3) 
Dec 13, 1990 

ISSN: 0013-4872 LANGUAGE: ENGLISH RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 1812 LINE COUNT: 00144 

... To bring the LONs to reality, Echelon defined several chips and a 

robust yet flexible communication protocol . It also created an 
easy-to-use set of network setup and development tools. At... 

...two Echelon-defined Neuron single-chip devices. Each chip offers 
communications, control, and I/O processing . The first two Neuron 
processors are jointly defined by Echelon with Motorola and Toshiba-the 
companies that will actually manufacture... 
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Top 10 bank software growth companies, (company profile) 

Landis, Ken 

Computers in Banking, v6, n2, p26(12) 
Feb, 1989 
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RECORD TYPE: FULLTEXT; ABSTRACT 
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... price/performance ratio — is helping them compete. 

The decentralization of information management as well as processing 
is the second trend. Decentralization requires complex data 
communication protocols / as well as inter-application standards such as 
IBM's Systems Application Architecture. "Users and... 
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Intel Launching Long-Range Supercomputer Project 

Intel: Supercomputing program aims to reach teraFLOPS performance by 
1997-98 

Electronic News October 25, 1993 p. 8 
ISSN: 1061-6624 

*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 241 

... a superscalar structure, or groups of five or six less expensive 
MPUs in symmetrical multiprocessing nodes . 

The first prototype, planned for late 1995, has performance targets 
of 600 gigaFLOPS peak speed with 350... 

... selected applications. Each MPU node will contribute about 150 
megaFLOPs, and the system will use communication protocols to reduce 
message passing latency and access remote memory. 
A second prototype planned for 1996... 

9 



File 275 : IAC (SM) Computer Database (TM) 1983-1998/Dec 01 

(c) 1998 Info Access Co 
File 674 : Computer News Fulltext 1989-1998/Nov W5 

(c) 1998 IDG Communications 
File 647: CMP Computer Fulltext 1988-1998/Nov W2 

(c) 1998 CMP 
File 15:ABI/INFORM(R) 1971-1998/Dec 01 

(c) 1998 UMI 
File 16:IAC PROMT (R) 1972-1998/Dec 01 

(c) 1998 Information Access Co. 
File 9:Business & Industry(R) Jul 1994-1998/Dec 01 

(c) 1998 Resp. DB Svcs . 
File 621:IAC New Prod. Annou . (R) 1985-1998/Dec 01 

(c) 1998 Information Access Co 
File 636: IAC Newsletter DB (TM) 1987-1998/Dec 01 

(c) 1998 Information Access Co. 
File 148: IAC Trade & Industry Database 1976-1998/Dec 01 

(c) 1998 Info Access Co 
File 624: McGraw-Hill Publications 1985-1998/Nov 25 

(c) 1998 McGraw-Hill Co. Inc 

Set Items Description 

51 24 ( INDEPENDENT (N2) LAYER?) (S) (JAVA OR ENCRYPTION?) 

52 18 RD (unique items) 



2/3, K/l (Item 1 from file: 275) 

DIALOG (R) File 275:IAC(SM) Computer Database (TM) 
(c) 1998 Info Access Co. All rts. reserv. 

02140765 SUPPLIER NUMBER: 20206035 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Understanding the DCOM wire protocol by analyzing network data packets. 

(the Distributed COM Object RPC network protocol) (Technology 

Information) (Technical) 

Eddon, Guy; Eddon, Henry 

Microsoft Systems Journal, vl3, n3, p45(13) 
March, 1998 

DOCUMENT TYPE: Technical ISSN: 0889-9932 LANGUAGE: English 

RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 8796 LINE COUNT: 00754 

see Figure 3) . 

As you can see in Figure 3, DCOM is not really an independent 
network protocol layered on top of the RPC protocol. I nstead, DCOM merges 
with the RPC header and data. . . 

...of the OSF DCE RPC network protocol. For example, the authentication, 
authorization, and. message integrity /encryption features of RPC are 
present in ORPC. 

The ORPC protocol extends the standard RPC protocol... 
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HTTP, Java provide run-time control 
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PUBLICATION DATE: 961104 

JOURNAL CODE: EET LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: Embedded Systems 

WORD COUNT: 1432 , 

native code methods . 
Our example of the embedded network switch uses the flexibility of 
the Java language to define distinct and separate layers of hardware- 
independent application code, and native, hardware-dependent code. This 
also has the side benefit of maintaining. . . 

...execution in the native classes, and allowing the slower supervisory 
functions to be coded in Java . 

In addition to the network-switch example, Java can be used for 
warehouse-inventory control... 
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WORD COUNT: 1799 

...TEXT: using the Internet, requiring that data be encrypted as it travels 
across the untrusted network. 



Encryption can be performed at the network level using VPN products such 
as encrypting routers or... 

... browsers and servers supporting Secure Sockets Layer (SSL). The 
advantage of VPN products is their layer of application — independent 

encryption for all network traffic between the connected LANs. 
Unfortunately, they require specialized hardware or software... 
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ABSTRACT: IBM's recently released "San Francisco Project" is best described 
as Java -based, reusable, object-oriented business components for 
commercial applications, along with an execution framework. San... 

... a reusable substrate or functional lattice for other San Francisco 
components. The Common Business Objects layer consists of independent , 
generalized business objects and frameworks common to a variety of 
application types that can be... 

. . . substructure, designed by a large number of vendors, on which ISVs and 
other can build Java -based, commercial, networked applications. 
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...TEXT: native code methods. 

Our example of the embedded network switch uses the flexibility of the 
Java language to define distinct and separate layers of hardware- 
independent air plication code, and native, hardware-dependent code. This 

also has the side benefit of native classes, and allowing the slower 

supervisory functions to be coded in Java . 

In addition to the network-switch example, Java can be used for 
warehouseinventory control applications... 
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Development Tool — NetBeans, Inc. — . 
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*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 759 



... including NT, UNIX, Linux, OS/2, Win95, and Solaris. The system is 
built from several independent layers , and is designed to be open and 
easily extendible. The IDE is presented in the... 

. . . within the system - editing, compilation, execution and debugging. The 
entire IDE GUI is based on Java Foundation Classes and takes advantage of 
all its impressive features, including a pluggable look and feel and a rich 
component set. "Using Java technology for NetBeans IDE allowed us to 
build a product that leverages the ! Write Once, Run Anywhere (TM) 1 
capability of the Java platform, " said Roman Stanek, founder and CEO of 
NetBeans . 

...including NT, UNIX, Linux, OS/2, Win95, and Solaris. The system is 
built from several independent layers , and is designed to be open and 
easily extendible. The IDE is presented in the... 

. . .within the system - editing, compilation, execution and debugging. The 
entire IDE GUI is based on Java Foundation Classes and takes advantage of 
all its impressive features, including a pluggable look and feel and a rich 
component set. "Using Java technology for NetBeans IDE allowed us to 
build a product that leverages the 'Write Once, Run Anywhere (TM) 1 
capability of the Java platform, 11 said Roman Stanek, founder and CEO of 
NetBeans . 

NetBeans 1 distributed computing features also mean... 
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CompuServe Network Services L2F 

Chen, Elaine; Bournellis, Cynthia 

Electronic News (1991) Feb 24, 1997 p. 044 

ISSN: 1061-6624 

*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 102 

... up- customers based on Cisco Systems' Layer 2 Forwarding (L2F) 
technology. L2F is a media independent Layer 2 tunneling protocol 
offered in Cisco's IOS software. Layer 2 tunneling protocols provide dial 

...and filtering are all controlled by the customer's own network. Existing 
technologies, such as encryption , will run transparently end-to-end over 
Layer 2 tunnels ensuring privacy and confidentiality. 
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HTTP, Java provide run-time control 

Java, HTTP have applications in connecting embedded devices to Internet 
Electronic Engineering Times Nov 4, 1996 p. 60 
ISSN: 0192-1541 

*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 1418 
...native code methods. 

Our example of the embedded network switch uses the flexibility of the 
Java language to define distinct and separate layers of hardware- 
independent application code, and native, hardware-dependent code. This 
also has the side benefit of maintaining classes, and allowing the slower 
supervisory functions to be coded in Java . 



In addition to the network-switch example, Java can be used for 
warehouse-inventory control... 
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V-ONE Corp. Defines a New Class of Security Products: Security Middleware; 
Industry 1 s First Security Middleware product, SmartGATE, will be 
demonstrated at RSA Conference in San Francisco. 

Business Wire Jan 16, 1996 p. 01160206 

*FULL TEXT AVAILABLE IN FORMAT 7 OR 9* WORD COUNT: 877 

. . . frees the application developer from battling compatibility and 
security problems. "By relying on a vendor-independent layer that 
negotiates secure application sessions, an application can instantly take 
advantage of new technologies in encryption and authentication as they 
emerge, 1 ' Ranum said. 

Ranum noted that "V-ONE is trying to... 
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SunConnect: Moving Financial Services to the Web 
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banking and bill payment services; it is projected that the number will 
exceed 20 mil by 2000) 
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January 1998 

DOCUMENT TYPE: Journal ISSN: 0148-8848 (United States) 
LANGUAGE: English RECORD TYPE: Fulltext 
WORD COUNT: 2378 
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TEXT: 

...conduct commerce on a public network and the SWC module gets there by 
applying several independent layers of encryption and authentication 
to all communications involved in a transaction. The SWC module permeates 
the entire. . . 

...between different servers or between servers and traditional legacy data 
processing systems. In particular, the Java Electronic Commerce Framework 
adds to essential Java security capabilities for the emerging world of 
electronic commerce. 

The ITA module is at the. . . 
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ObjectShare Expands Relationship with Applied Reasoning to Distribute New 
Products ; Two Additional Products to Compliment ObjectShare 1 s 
VisualWorks. 

Business Wire 

DATELINE: IRVINE, Calif. April 2, 1998 WORD COUNT: 719 



...fully distributed client-server application development 
and server-side processing. GeoSynchrony offers a flexible, 
database-independent persistence layer and full map zooming and 
optimized spatial and non-spatial queries. GeoSynchrony was released 
in. . . 

. . .object-oriented 

solutions for network computing. With complete support for industry 
standards using Smalltalk or Java , the company offers its 
development environments, frameworks, along with consulting, 
education and support services worldwide... 
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MOTOROLA BRINGS WIRELESS OPTIONS TO NOTES 

Wireless Messaging Report Jan 30, 1996 V. 4 NO. 2 

WORD COUNT: 941 
PUBLISHER: BRP Publications 

... Mobile Data Inc.) and cellular digital packet data (CDPD) networks. 
Because it appears as an independent middle layer between Notes and the 
wireless network, and because it does so through the use of... 

...software does not change any of the features of Notes, including its use 
of data encryption to prevent the interception of messages while in 
transit. 

Eventually, Motorola plans to extend the... 
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NETSCAPE TAKES WRAPS OFF NETSCAPE NAVIGATOR 1.1 

The PCNetter March 1995 V. 10 NO. 3 

ISSN: 0893-8075 WORD COUNT: 575 

PUBLISHER: Architecture Technology Corporation 

. . .dynamic data 

- Additional security options, including an enhanced U.S. -only version with 
non-exportable encryption technology, and secure Usenet news/conferencing 
capabilities based on the application- independent Secure Sockets Layer 
(SSL) Protocol; this protocol is compatible with Netscape's recently 
published SSL source code reference... 
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Isolation systems isolating companies 1 sensitive data. (Isolation Systems 
Inc. ) 
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their infrastructure and lower costs." 



The InfoCrypt Series consists of four modular software and hardware 
encryption products which work together to provide a secure data pipeline 
across a public network like the Internet. The products operate at the 
network layer and are independent of the network topology and the 
software and operating systems. 

The InfoCrypt Enterprise base product... 
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Emerging standards back virtual secure tunnels. 
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WORD COUNT: 1350 LINE COUNT: 00113 

, similar to that of the earlier IEEE 802.10 standard — encapsulation 

formats, authentication headers, SDE layer specs, algorithm- independent 

encryption , security associations, virtual secure connections, etc. 
However, to date, the LAN bridge — oriented 802.10... 



2/3,K/16 (Item 3 from file: 148) 

DIALOG (R) File 148:IAC Trade & Industry Database 
(c) 1998 Info Access Co. All rts. reserv. 

08119009 SUPPLIER NUMBER: 17376789 (USE FORMAT 7 OR 9 FOR FULL TEXT) 
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... updated information — such as stock quotes, weather maps and other 

dynamic data. 

— Security options including encryption technology and secure 
Usenet news/conferencing capabilities based on the application- 
independent Secure Sockets Layer (SSL) open protocol. 

— Enhanced Usenet news interface, including hierarchical newsgroup 
browsing and searching, optimizations for. . . 
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dynamic data 

Additional security options, including an enhanced U.S. -only version 
with non-exportable encryption technology, and secure Usenet 
news/conferencing capabilities based on the application-independent 
Secure Sockets Layer (SSL) protocol have also been added. This protocol 
is compatible with Netscape f s recently published... 
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"Over there" for fun and profit. (Trade Shows) 
Szathmary, Richard 
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FULLTEXT; ABSTRACT 
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is transported across the WAN. The 8023 Trestle operates at the 
Media Access Control (MAC) layer which is independent of higher-level 
protocols. An encryption option is available for "sensitive but 
unclassified" applications. 
FOX- 2 

This is a 6.3... 

? 
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Set Items Description 

51 147 (INDEPENDENT? OR SEPARATE?) (N2) (LAYER? OR PROTOCOL?) 

52 8078 SECURITY? OR ENCRYPTION? OR DECRYPTION? OR CRYPTO? 
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54 7 (FIRST AND SECOND) (N2) (NODE? OR PROCESS?) 

55 1348 COMMUNICATION? (N) PROTOCOL? 
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57 0 S3 AND SI 

58 10 SI AND S2 

59 0 S8 AND S5 
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511 3 INDEPENDENT? (N5) (ENCRYPTION? OR CRYPTO?) 
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RECORD TYPE: Directory 

CONTACT: Erling Smedvig, VP North American Sales 
REVISION DATE: 970603 
VASCO Data Security Inc... 

VACMan/Server is the first protocol -independent authentication, 
authorization and accounting solution for Windows NT, Windows 95, Netware 
and UNIX. Designed specifically... 

DESCRIPTORS: Computer Security ; Remote Network Access; Network 

Administration Tools; Network Software; Local Area Networks; System 
Monitoring; Network Servers 
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REVIEW TYPE: Product Analysis 

GRADE: Product Analysis, No Rating 
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...only works with NT 3.51, and thus cannot support Windows 95 users. 
Citrix's protocol , Independent Computing Architecture (ICI), supports 
non-Windows clients, but Hydra's new protocol T.SHARE/T... 
...not found in Hydra, such as load-balancing, application configuration 
tools, user management features, and security . New Moon's Liftoff is 
expected to be released in 1998 and will be marketed. . . 
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REVIEW TYPE: Product Analysis 

GRADE: Product Analysis, No Rating 
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...the system's ability to support a corporate infrastructure. A company's 
infrastructure should provide security for WAN users, and suitable 
systems for active and nonactive data storage are required. Right Site... 
...jukeboxes for permanent archival storage, and OPEN/stor provides a 
centralized data storage that enhances security . OPEN/stor resides under 
the server, and is transparent to network users. It manages data... 

...NT systems on the network. Among topics discussed are indexing or 
cataloging, replication, maintaining a separate annotation layer , and 
FileNet's products for document indexing. 
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...is the extra maintenance and expense required, as well as the necessity 
of keeping two separate layers of security . SNA Server also limits 
choices because it can handle only Windows clients. The additional gateway 
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... PRODUCT NAMES : 833029) ; Conputer Security ( 

...there are currently several competing protocols and specifications. 
MasterCard and Visa are competing with different security specifications, 
both of which are mutually incompatible. MasterCard, with IBM, Netscape, 
GTE, and CyberCash, has... 

...usage of the Internet as a commercial platform, because merchants would 
have to support multiple protocols . Separately , Microsoft and Netscape 
are competing with different general security specifications. Microsoft's 
Private Communications Technology (PCT) will compete against Netscape's 
Secure Sockets Layer (SSL) . PCT differs from SSL by separating 
authentication from encryption , thereby supporting stronger 
authentication schemes. 

DESCRIPTORS: Internet; Computer Security ; Communications Standards; 
Internet Marketing; Public Networks; Electronic Funds Transfer; 
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...administrators to provide workstation Internet links simply by plugging 
the device into a network. No separate Transmission Control Protocol 
/Internet Protocol (TCP/IP) stack is required. The administrator merely 
enters service provider data and. . . 

...Internet Protocol address, and the product prohibits incoming TCP/IP 
from the Internet for enhanced security . A beta user testing the product 
with a router connection likes the higher communications speed. . . 
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GRADE: Product Analysis, No Rating 
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...2,500 applications have been ported to the environment. DEC also 
announced the Multi-Level Security Plus feature that extends C2 security 
and addresses some of the vulnerabilities of windowing and NFS. In April, 
Digital announced AdvantageClusters . . . 

...software to DEC OSF/1. OpenStep is NeXT 1 s proposed standard for an 
operating system independent application layer that runs on several 
host operating systems. Digital also plans to integrate OpenStep with 
ObjectBroker . . . 
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PRODUCT NAMES: Computer Security ( 

...also provides mechanisms to protect sensitive information, and complies 
with the Department of Defense's security criteria. MGS was developed to 
achi eve A— class certification, and contains many novel aspects. It was also 
the first attempt to distribute protocols over separate processors. The 
main security assertions are that the system accepts data only from input 
wires, and only if the data is consonant with security levels of the 
input wires. Furthermore, the system delivers data to an output wire only 
if it is derived from data received at input wires, and only if security 
levels are the same as the output wire. Also, the system will deliver data 
only to output wires, only if data is consonant with security levels of 
the output wires. 
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...video compression. The Netblazer series of remote access servers offers 
strong options for management and security . Remote LAN Node 2.0 has an 
impressive protocol -independent , modular approach to remote LAN access. 
CentrumRemote 1 s feature set is very comprehensive. WinView for... 
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00040659 DOCUMENT TYPE: Review 

PRODUCT NAMES: Simple Network Management Protocol (SNMP) (830056) 

TITLE: With SNMP, No LAN Is an Island 

AUTHOR: Sprung, Lance 

SOURCE: LAN Times, v9 nl6 p29(2) Aug 24, 1992 
ISSN: 1040-5917 

HOMEPAGE : http : //www. lantimes . com 

RECORD TYPE: Review 

REVIEW TYPE: Product Analysis 

GRADE: Product Analysis, No Rating 

REVISION DATE: 940330 

...International Standards Organization (ISO) finds network management 
necessary for fault control, performance, configuration, accounting, and 
security . SNMP is a simple protocol, using only three commands and is 
protocol -independent . An agent, a manager, and a management information 
base (MIB) , along with a command set... 
»>KWIC option is not available in file(s): 278 
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00087324 DOCUMENT TYPE: Review 

PRODUCT NAMES: Common Security Services Manager (CSSM) (596744) ; 
Microsoft CryptoAPI (596736) ; Microsoft Windows 95 (551473) ; Microsoft 
Windows 95 (900172) ; Microsoft Windows NT (347973) 

TITLE: Intel, Microsoft creating APIs for encryption 

AUTHOR: Moeller, Michael Leach, Norvin 
SOURCE: PC Week, vl3 n3 pi (2) Jan 22, 1996 
ISSN: 0740-1604 

HOMEPAGE: http : //www. pcweek . com 

RECORD TYPE: Review 

REVIEW TYPE: Product Analysis 

GRADE: Product Analysis, No Rating 



REVISION DATE: 960530 



...beta release of the NT Shell Upgrade release and in a future Windows 95 
release. CryptoAPI observes the same system-independent model as other 
Windows APIs, and developers write to one interface to call basic functions 
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00035997 DOCUMENT TYPE: Review 

PRODUCT NAMES: Open Systems Interconnection (OSI) (830053) 

TITLE: What Are the Standards for Interoperable LAN Security? 

AUTHOR: Minoli, Dan 

SOURCE: Network Computing, v3 n6 p!48(2) Jun 1992 
ISSN: 1046-4468 

HOMEPAGE: http: //www.NetworkComputing. com 

RECORD TYPE: Review 

REVIEW TYPE: Product Analysis 

GRADE: Product Analysis, No Rating 

REVISION DATE: 980830 

...10 standard for data link layer security standards for interoperable LAN 
security will resolve problems independent of the encryption algorithm 
used by devices on LANs. Provisions for authentication, access control, 
data integrity and confidentiality. . . 
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PUBLISHER: United Software Security, Inc.; United SW Security 



File 8:Ei Compendex (R) 1970-1998/Dec W2 

(c) 1998 Engineering Info. Inc. 
File 77: Conference Papers Index 1973-1998/Nov 

(c) 1998 Cambridge Sci Abs 
File 238:Abs. in New Tech & Eng. 1981-1998/Oct 

(c) 1998 Reed-Elsevier (UK) Ltd. 
File 35: Dissertation Abstracts Online 1861-1998/Nov 

(c) 1998 UMI 

File 202 : Information Science Abs. 1966-1998/Sep 

(c) Information Today, Inc 
File 65: Inside Conferences 1993-1998/Nov W5 

(c) 1998 BLDSC all rts . reserv. 
File 2:INSPEC 1969-1998/Nov W5 

(c) 1998 Institution of Electrical Engineers 
File 94: JICST-EPlus 1985-1998/Sep Wl 

(c)1998 Japan Science and Tech Corp(JST) 
File 233 Microcomputer Abstracts 1974-1998/Nov 

(c) 1998 Information Today Incl. 
File 6:NTIS 64-1998/Dec W4 

Comp&distr 1998 NTIS, Intl Copyright All Righ 
File 144: Pascal 1973-1998/Oct 

(c). 1998 INIST/CNRS 
File 434:SciSearch(R) Cited Ref Sci 1974-1989/Dec 

(c) 1998 Inst for Sci Info 
File 99:Wilson Appl. Sci & Tech Abs 1983-1998/Oct 

(c) 1998 The HW Wilson Co. 
File 603:Newspaper Abstracts 1984-1988 

(c) 1989 UMI 



Set 


Items 


Description 


SI 


8283 


(INDEPENDENT? OR SEPARATE?) (N2) (LAYER? OR PROTOCOL?) 


S2 


190796 


SECURITY? OR ENCRYPTION? OR DECRYPTION? OR CRYPTO? 


S3 


107 


( SECURE () CHANNEL? OR JAVA (N2 ) STREAM? OR JAVA () SECURE () CHAN 




NEL?) 


S4 


10699 


(FIRST AND SECOND) (N2) (NODE? OR PROCESS?) 


S5 


9790 


COMMUNICATION? (N) PROTOCOL? 


S6 


1 


((COMMUNICATION?) (N2) (CHANNEL? OR PROTOCOL?)) (N50) (S2(N3)I 




NDEPENDENT?) 


S7 


0 


S3 AND SI 


S8 


29 


SI AND S2 


S9 


0 


S8 AND S5 


S10 


78 


S2 AND S3 


Sll 


7 


S10 AND (SI OR S5) 


S12 


28 


S8 NOT PY=1998 


S13 


24 


RD (unique items) 


S14 


7 


Sll NOT PY=1998 


S15 
7 


5 


RD (unique items) 



6/7/1 (Item 1 from file: 8) 

DIALOG (R) File 8 : Ei Compendex ( R) 

(c) 1998 Engineering Info. Inc. All rts . reserv. 

01232650 E.I. Monthly No: EIM8208-026158 
Title: MANAGING DOMAINS IN A NETWORK OPERATING SYSTEM. 

Author: Donnelley, J. E. 

Corporate Source: Lawrence Livermore Natl Lab, Calif, USA 
Conference Title: Local Networks & Distributed Office Systems. 
Conference Location: London, Engl Conference Date: 19810500 
E.I. Conference No.: 00430 

Source: Publ by Online Publ Ltd, Northwood, Engl. Distrib in North Am by 
Renouf/USA Inc, Brookfield, Vt, USA p 345-361 
Publication Year: 1981 
ISBN: 0-903796-75-9 
Language: English 

Document Type: PA; (Conference Paper) 
Journal Announcement: 8208 
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04888678 E.I. No: EIP97123955832 
Title: Comprehensive multimedia control architecture for the Internet 

Author: Schulzrinne, Henning 

Corporate Source: Columbia Univ, New York, NY, USA 

Conference Title: Proceedings of the 1997 7th International Workshop on 
Network and Operating System Support for Digital Audio and Video 

Conference Location: St. Louis, MO, USA Conference Date: 

19970519-19970521 

Sponsor: IEEE 

E.I. Conference No.: 47528 

Source: Proceedings of the IEEE International Workshop on Network and 
Operating System Support for Digital Audio and Video 1997. IEEE, 
Piscataway, NJ, USA. p 65-76 

Publication Year: 1997 

CODEN: 002739 

Language : English 

Document Type: CA; (Conference Article) Treatment: G; (General Review) 
Journal Announcement: 9802W1 

Abstract: The Internet and intranets have been used to deliver continuous 
media, both stored and live, for a number of years. Most of the attention 
has focused on providing guaranteed quality of service (RSVP) and 
end-to-end data transport (RTP) , with every application using its own 
control protocol. In this paper, we describe a control architecture that 
offers most standard advanced telephony features and integrates stored and 
conference multimedia. The protocol re-uses much of the x infrastructure 1 of 
HTTP, including its security and proxy mechanisms. The architecture is 
instantiated by two related, but independent protocols : the Session 
Initiation Protocol (SIP) for inviting participants to a multimedia session 
and the Real-Time Stream Protocol (RTSP) to control playback and recording 
for stored continuous media. (Author abstract) 46 Refs. 
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04718197 E.I. No: EIP97063687722 
Title: Automated analysis of cryptographic protocols using Mur phi 

Author: Mitchell, John C; Mitchell, Mark; Stern, Ulrich 
Corporate Source: Stanford Univ, Stanford, CA, USA 

Conference Title: Proceedings of the 1997 IEEE Symposium on Security and 
Privacy 

Conference Location: Oakland, CA, USA Conference Date: 

19970504-19970507 



Sponsor: IEEE 

E.I. Conference No.: 46499 

Source: Proceedings of the IEEE Computer Society Symposium on Research in 
Security and Privacy 1997. IEEE, Piscataway, NJ, USA, 97CB36097 . p 141-151 
Publication Year: 1997 
CODEN: PSSPEO ISSN: 1063-7109 
Language: English 

Document Type: CA; (Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 9707W5 

Abstract: A methodology is presented for using a general-purpose state 
enumeration tool, Mur phi , to analyze cryptographic and security 
-related protocols. We illustrate the feasibility of the approach by 
analyzing the Needham-Schroeder protocol, finding a known bug in a few 
seconds of computation time, and analyzing variants of Kerberos and the 
faulty TMN protocol used in another comparative study. The efficiency of 
Mur phi allows us to examine multiple runs of relatively short protocols, 
giving us the ability to detect replay attacks, or errors resulting from 
confusion between independent execution of a protocol by independent 
parties. (Author abstract) 19 Refs. 
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04238332 E.I. No: EIP95082834378 
Title: Dynamic addressing scheme for wireless media access 

Author: Bharghavan, V. 

Corporate Source: Univ of California at Berkeley, Berkeley, CA, USA 

Conference Title: Proceedings of the 1995 IEEE International Conference 
on Communications. Part 2 (of 3) 

Conference Location: Seattle, WA, USA Conference Date: 

19950618-19950622 

Sponsor: IEEE 

E.I. Conference No. : 43480 

Source: IEEE International Conference on Communications v 2 1995. IEEE, 
Piscataway, NJ, USA, 95CH35749 . p 756-760 
Publication Year: 1995 
CODEN: 002115 
Language: English 

Document Type: CA; (Conference Article) Treatment: A; (Applications); T 
; (Theoretical) 

Journal Announcement: 9510W4 

Abstract: This paper proposes a protocol independent Dynamic 
Addressing scheme for Wireless Media Access Protocols, and discusses 
related systems and performance issues. Dynamic Addressing allows spatial 
and temporal reuse of MAC addresses, thereby reducing the address size by a 
factor of 8. This reduces the control overhead in a MACAW left bracket 2 
right bracket style protocol by 30% to 70%, and produces an overall 
performance improvement of 5% to 33%. Dynamic Addressing also serves as an 
enabling technology for two important features in wireless media access 
protocols - security , and real-time support - as described in related 
papers. We are implementing the Dynamic Addressing scheme as a part of the 
LCMACA wireless media access protocol. (Author abstract) 7 Refs. 
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01232650 E.I. Monthly No: EIM8208-026158 
Title: MANAGING DOMAINS IN A NETWORK OPERATING SYSTEM. 

Author: Donnelley, J. E. 

Corporate Source: Lawrence Livermore Natl Lab, Calif, USA 
Conference Title: Local Networks & Distributed Office Systems. 
Conference Location: London, Engl Conference Date: 19810500 
E.I. Conference No. : 00430 



Source: Publ by Online Publ Ltd, Northwood, Engl, Distrib in North Am by 
Renouf/USA Inc, Brookfield, Vt, USA p 345-361 
Publication Year: 1981 
ISBN: 0-903796-75-9 
Language: English 

Document Type: PA; (Conference Paper) 
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0305595 ANTE NUMBER: 68959 
HOP: the next HTTP? 
AUTHOR (S) : Clip, P. 

JOURNAL: Byte 23 (1) Jan 97 p. 47-8. il. 
PUBLICATION YEAR: 1997 
ISSN: 0360-5280 
BLDSC SHELF MARK: 2941.560000 
LANGUAGE: English 

ABSTRACT: The Internet Inter-ORB Protocol (HOP), which is part of the 
Common Object Request Broker Architecture (CORBA) , is still a poorly 
understood protocol. The latest CORBA specification (version 2.1) 
describes HOP as the TCP/IP implementation of GIOP, the General 

Inter-ORB Protocol. GIOP defines a network protocol -independent set 
of messages, formats, and data encoding that all object request brokers 
(ORBs) must follow when communicating with each other. While GIOP defines 
the form and content of messages, HOP encodes the information necessary 
for invoking methods on objects in HOP IOR (interoperable object 
reference) profiles. IOR profiles are composed of a version number, the 
host and port of the ORB to which messages should be sent, an object key, 
and a series of components containing information used when invoking 

methods on the object (eg, the originating ORB's type and security 

parameters) . (Abstract quotes from original text) 
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DIALOG (R) File 35 : Dissertation Abstracts Online 
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1076287 ORDER NO: AAD89-19869 
AN EXTENDED REFERENCE MODEL FOR SUPPORTING INTEGRATED SERVICES COMPUTER 
COMMUNICATIONS 

Author: ALI, MUHAMMAD 
Degree: D.SC. 
Year: 1989 

Corporate Source/Institution: THE GEORGE WASHINGTON UNIVERSITY (0075) 
Source: VOLUME 50/06-B OF DISSERTATION ABSTRACTS INTERNATIONAL. 
PAGE 2491. 217 PAGES 

This study pertains to the design of an extended reference model (ERM) 
for supporting integrated services computer communications, in an Open 
Systems Interconnection (OSI) environment. Communications subnetworks for 
integrated services are coming into use, with a separate control flow for 
the control of connections carrying user data. However, there is no 
generally applicable reference model for developing protocols supporting 
separate control flows . 

The ISO RM supports only "in-band" control for connections and has 
limitations with regard to OSI management and security . Management data 
flows are pertinent to the OSI environment, but not all components of 
management flows are supported in the RM. The RM has a definition for 
security services at the seven layers but is deficient in the structural 
elements that are essential for highly secure computer communications in an 
OSI environment. 

The ISDN Protocol Reference Model (PRM) has architectural and 




functional elements for supporting a separate control flow that is fully 
effective for circuit-switched traffic only. The PRM also has limitations, 
similar to RM, pertaining to security and management flows. 

The ERM is designed to overcome these limitations. It is designed as 
an extension of the ISO Reference Model (RM) . An open system of the ERM has 
five planes that are orthogonal to its seven-layer structure. These planes 
support the independent-flow (both connection-mode and connectionless-mode) 
communications supported by the RM. They also support the dependent- flow 
communications requiring a separate control flow. The ERM has the 
architectural and functional elements for highly secure communications in 
the OSI environment and supports all components of the OSI management 
flows . 

The architectural complexity of a software system for independent- flow 
communication is compared with that of a software system for dependent- flow 
communication. The former system is based on the ISO RM, and the latter on 
the ERM. The comparison shows a decrease in architectural complexity when a 
separate control flow is introduced. 



13/7/7 (Item 1 from file: 202) 

DIALOG (R) File 202 : Information Science Abs. 
(c) Information Today, Inc. All rts . reserv. 

00216148 9706148 

ISA Document Number in Printed Publication: 9706480 

It's time for intranets. 
Document Type: Journal Article 

Author (Affiliation): Zelingher, J. (Ben Gurion Univ., Be'ersheva) 
Country of Affiliation: Israel 
Journal: M.D. Computing 
Publication Language (s): English 

Source: Vol. 14 Issue 4 p. 274-275, 277 Jul-Aug 1997 

The Internet is a global system of separate computer networks 
communicating through the Internet protocol, while an intranet is a set 
of networks operating under one umbrella or one owner — a corporation, 
government agency, or, in health care, a health maintenance 
organization or medical center. Access to intranets can be highly 
regulated and granted only to trusted members of the owner 
organization. The benefits that intranets offer to smaller healthcare 
organizations are outlined. These benefits are feasible at the level of 
a single department or division within any organization, such as a 
hospital, group practice, or clinic in the ambulatory setting. Use of 
an intranet in a healthcare facility can be initiated both centrally 
(by management and information systems personnel) and peripherally ( by 
one or a few functional units.) In addition to offering flexibility and 
security , intranets offer technical benefits. Since the Internet 
protocol is platform-independent , intranets can be set up without 
regard to the type of equipment owned or about to be purchased. 
Training for end-users is reduced, since standard Web browsers can 
serve as interfaces on all client stations of the intranet. 
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ISA Document Number in Printed Publication: 9106232 
SAA and NAS: the promise of distributed computing. 

Document Type: Journal Article 

Author (Affiliation) : Rauch, W. 

Journal: Data Communications (US) 

Publication Language (s): English 

Source: p. 68-76 Mar 1991 

The author explores the promise of distributed computing: 
multivendor operability, portability, and scalability with application 
program interfaces (APIs) and user interface standards. Two distributed 



environments, SAA (Systems Application Architecture) and NAS (Network 
Applications Support) are contrasted relative to IBM versus DEC and 
their respective technical and marketing orientations. The author 
presents a feature-by- feature comparison of SAA and NAS, summarized on 
a Network Services Table which includes the following: protocol 
stack, protocol -independent interface, file transfer, directory 
services, network management, OSI APIs, Gosip, MAP 3.0, distributed 
file access, remote procedure call, virtual terminal, network security 
, data link control, mainframe communications, PC networking, 
local-area networking, and wide-area networking. 
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5418010 INSPEC Abstract Number: C9612-7120-019 
Title: A framework for building an electronic currency system 

Author (s): Lei Tang 

Author Affiliation: GSIA, Carnegie Mellon Univ. , Pittsburgh, PA, USA 
Conference Title: Proceedings of the Sixth Annual USENIX Security 
Symposium: Focusing on Applications of Cryptography p. 113-22 
Publisher: USENIX Assoc, Berkeley, CA, USA 

Publication Date: 1996 Country of Publication: USA 214 pp. 
Material Identity Number: XX96-01392 

Conference Title: Proceedings of 6th USENIX UNIX Security Symposium 
Conference Date: 22-25 July 1996 Conference Location: San Jose, CA, 
USA 

Language: English Document Type: Conference Paper (PA) 
Treatment: Practical (P) 

Abstract: We describe a framework for building an electronic currency 
system. We detail the design of the components of the electronic currency 
system and the relationships among them. Contrary to previous electronic 
currency literature, which focuses exclusively on electronic currency 
protocol designs, we address how to achieve both transaction atomicity and 
transaction anonymity in the presence of hostile failures, which are common 
in an electronic currency system if the customers or the merchants are 
dishonest or malicious. We also propose a recovery method called redo 
transaction to recover from hostile failures so that the aborted electronic 
currency transactions caused by the hostile failures can be forced to 
commit eventually. The structure of the electronic currency system is 

protocol -independent in the sense that the Chaum-like (1981) off-line 
electronic currency protocol could be incorporated into our framework. (15 

Refs) 

Copyright 1996, IEE 
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4966671 INSPEC Abstract Number: B9507-6150M-024, C9507-5640-015 
Title: Anonymous credit cards of cash and credit cards 
Author (s): Low, S.H.; Paul, S. 

Author Affiliation: AT&T Bell Labs., Murray Hill, NJ, USA 
p. 108-17 

Publisher: ACM, New York, NY, USA 

Publication Date: 1994 Country of Publication: USA x+293 pp. 
ISBN: 0 89791 732 4 

U.S. Copyright Clearance Center Code: 0 89791 732 4/94/0011 . $3 . 50 
Conference Title: Proceedings of 2nd ACM Conference on Computer and 
Communications Security 
Conference Sponsor: ACM 

Conference Date: 2-4 Nov. 1994 Conference Location: Fairfax, VA, USA 
Language: English Document Type: Conference Paper (PA) 
Treatment: Applications (A); Practical (P) 

Abstract: This paper describes a communications networking technique for 



funds transfer which combines the privacy of cash transactions with the 
security , record-keeping and charging mechanisms of credit cards. The 
scheme uses a communications network and cryptographic protocols to 

separate information. The company that extends credit to the individual 
and collects the bill does not have access to the specific purchases, and 
the shop that sells the merchandise is convinced that it will be paid 
without learning the individuals identity. The information is separated to 
make it difficult to associate an individual with his purchases. Analysis 
of the information separation in this system shows that five parties must 
collude to associate an individual 1 s identity and purchases. If an 
individual deposits cash into the system, rather than asking for credit, 
then none of the parties need to know his identity. Complete anonymity is 
obtained while retaining the security against loss or theft and the 
record keeping capabilities of credit cards. (25 Refs) 
Copyright 1995, IEE 
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Title: Databases: more than a bunch of numbers 

Author(s): Matheson, K. 

Journal: CMA vol.67, no. 5 p. 13-16 

Publication Date: June 1993 Country of Publication: Canada 
CODEN: CMAAEA ISSN: 0831-3881 

Language: English Document Type: Journal Paper (JP) 
Treatment: General, Review (G) 

Abstract: Information systems consist of four functional layers: the top 
layer represents what the user sees; the second layer represents the tools 
and facilities provided to create applications; the third layer represents 
the data management functionality; and the fourth layer is the actual data. 
The value of database systems lies in their ability to manage the four 
layers separately : to manage data because they are important, to 

provide data to more than one application, to make applications operate on 
more than one database. An organization should consider five major issues 
in deciding whether or not to manage data separately from their use in 
applications: structure, integrity, data sharing, confidentiality and data 
life cycle. The author discusses all of these points and then discusses 
client-server information systems. (0 Refs) 
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Title: A new look at microkernel -based UNIX operating systems: lessons in 
performance and compatibility 

Author(s): Bricker, A.; Gien, M. ; Guillemont, M. ; Lipkis, J.; Orr f D. ; 
Rozier, M. 

Conference Title: EurOpen. UNIX Distributed Open Systems in Perspective. 
Proceedings of the Spring 1991 EurOpen Conference p. 13-32 
Publisher : EurOpen, Buntingf ord, UK 

Publication Date: 1991 Country of Publication: UK viii+331 pp. 
Conference Date: 20-24 May 1991 Conference Location: Tromso, Norway 
Language: English Document Type: Conference Paper (PA) 
Treatment: Practical (P) 

Abstract: With CHORUS V2, the authors experimented with a 
first-generation microkernel-based UNIX system. UNIX emulation was built as 
an application of a pure message-based microkernel. Their experience with 
CHORUS Vs taught them that some functions, such as IPC management, belong 
within the microkernel. Device drivers and support for heterogeneity, on 
the other hand, are best handled by separate servers and protocols . 
Supervisor actors are crucial to both performance and binary compatibility 
with existing systems. A global name space is necessary to simplify the 



interactions between system servers and the nucleus. Using CHORUS V3, 
subsystem designers have the freedom to define their operating system 
architecture and to select the most appropriate tools. Decision, such as 
the choice between high security and high performance, are not to be 
enforced a priori by the microkernel. The CHORUS V3 microkernel has met its 
requirements: the CHORUS/MiX microkernel-based UNIX system provides the 
level of performance of real-time executives, is compatible with UNIX at 
the binary level, and is truly modular and fully distributed. (12 Refs) 
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Author(s): Suzuki, T.; Kimura, K. ; Shibata, N. 
Journal: KDD Technical Journal no. 141 p. 55-61 
Publication Date: July 1989 Country of Publication: Japan 
CODEN: KTNKAY ISSN: 0452-3431 

Language: Japanese Document Type: Journal Paper (JP) 
Treatment: Applications (A); Practical (P) 

Abstract: The X.32 function expansion was performed for high speed 
communication, connection to an international integrated digital 
communication service, multiple logic channels, improvement of security 
function and replenishment of facilities. The authors discuss the X.32 
interface. When introducing the X.32 interface according to the 1988 
version CCITT recommendation considerations have been paid to the 
following: the existing interface must be included because the existing 
facilities are now providing services; common use with X.28 and X.25 
interface and hardware configuration independent of the protocol . The 
transmission and reception sequence from an X.32 terminal is illustrated. 
(5 Refs) 



13/7/14 (Item 6 from file: 2) 

DIALOG (R) File 2 : INSPEC 

(c) 1998 Institution of Electrical Engineers. All rts. reserv. 
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Title: Network security structure organization based on OSI information 
network architecture 

Author (s): Dong-Gyu Kim 

Journal: Korea Information Science Society Review vol.7, no. 5 p. 
26-34 

Publication Date: 1989 Country of Publication: South Korea 
CODEN: CHKWEN 

Language: Korean Document Type: Journal Paper (JP) 
Treatment: Practical (P) 

Abstract: Discusses end-to-end security system models; prototype 
security systems; porting; formal security models; the OSI Protocol 
Reference Model; peer entity authentication; connection oriented systems; 

security management information base; time stamping; handshaking; data 
origin authentication; connectionless oriented systems; one-way 
communication; electronic mail; authentication servers; encryption and 
decryption ; eavesdropping; the Data Encryption Standard; link 

encryption ; end-to-end encryption ; cryptographic check- functions ; 
data security pipe protocol; asymmetric cryptographic public auto-key 
system; digital signatures; data integrity; padding; notarization; total 
system management; secure data network systems; security protocols; 
confidentiality; and the Subnetwork Independent Convergence Protocol . 
(24 Refs) 
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Publication Date: April 1986 Country of Publication: USA 
CODEN: BSEQD6 ISSN: 0146-0900 

Language: English Document Type: Journal Paper (JP) 

Treatment: General, Review (G) 

Abstract: A key management system combines encryption and 
authentication methods to create a safe data network. Electronic 
distribution of keys is the most efficient means of insuring data security 
It is important to consider what kind of encryption a bank's terminals 
are capable of, since this will make a difference when the system is 
expanded in the future. Link encryption is done independently of the 

protocol and the terminal, so the system is easier to expand than 
end-to-end encryption (0 Refs) 
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Managing applications — Coping with chaos: the fine art of managing 
enterprise business applications 

Foote, Steven 

DBMS , October 1, 1997 , vlO nil p52-62, 6 Page(s) 
ISSN: 1041-5173 

Reports that the absence of comprehensive solutions for applications 
management requires IT organizations to piece together best-of-breed 
products that deliver some level of functionality in one or more of seven 
management areas. States the products have to deliver functionality in the 
critical management areas of storage, security , event/fault monitoring, 
and application performance. Adds that users have refined the original 
definition of applications management to include an application services 
layer that represents the growing use of middleware in support of 
distributed application transactions, and a hardware layer separate 
from the operating system layer that represents the latest developments in 
intelligent hardware components that can be monitored without requiring the 
operating system to be available. Includes a screen display and a photo, 
(dpm) 
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VPNs: just between us — Here's your confidential guide to everything 
you ever wanted to know about virtual private networks, including three new 
up - and - . . . 

Richardson, Robert 

LAN , February 1, 1997 , vl2 n2 p99-103, 5 Page(s) 
ISSN: 1069-5621 

Reports that virtual private networking (VPN) is gaining in popularity 
because it allows users to outsource remote access points and it offers WAN 
flexibility. Says that VPN operates on a simple concept: ^ you can use the 
Internet to carry packets where you would otherwise have to use hard wiring 
to get the job done. 1 1 However, there are unresolved issues relative to 
standards and network security . Reports that two industry initiatives, 
Point-to-Point Tunneling Protocol and Layer Two Tunneling Protocol , 

separate the authorization process from the answering process. Concludes 
that the greatest impact of VPN is not on cost but sx the strategic 
implications of how one performs communications with connected communities 
of interest.' 1 Includes three diagrams, (phi) 
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OSI and security analysis: the standard is a valuable blueprint for 
analyzing complex networks, including non-OSI systems 

Holoman, Stuart B 

Info Security News , July 1, 1995 , v6 n4 p64-66, 3 Page(s) 
ISSN: 1051-2500 

Discusses security analysis of the Open System Interconnection (OSI) 
model. Looks at how OSI affects the job of the security director, and 
notes that most security lapses can occur in non-required function areas . 
Presents a detailed look at each of the seven layers of OSI: Layer 1 is a 
physical layer, a topographical map of the networks, including all wiring; 
Layer 2 looks at the data-link connection through the error rate history: 
Layer 3 involves the network, where a map and knowledge of all possible 
routings is needed; Layer 4 is the transport layer that carries information 
between the network and end users and it requires its own separate 
routing map; Layer 5 is the session layer and requires viewing logon and 
logoff sequences; Layer 6 is where encryption occurs; and Layer 7 is the 
application layer where security involves keeping track of errors and 
access control. Includes one chart and a sidebar, (eqb) 
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Agents away — Tele script is a sophisticated communications language 
that is the centerpiece of a new style of information network — the 
electronic. . . 

Wayner, Peter 

BYTE , May 1, 1994 , vl9 n5 pll3-118, 4 Page(s) 

ISSN: 0360-5280 

Company Name: General Magic 

Product Name: Telescript; Magic Cap 

Reports on Telescript, an interpreted language from General Magic of 
Mountain View, CA, which can operate independently of all protocols and 
transports. Says that Telescript eases network communication by bundling 
messages and requests into one query which is transmitted to a distant 
computer, answered, and returned. Asserts that the language will be 
especially beneficial to personal digital assistant users. Adds that 
General Magic also has Magic Cap available, a PDA utility which eases 
access to phone numbers, addresses, etc. and uses Telescript. Examines the 
inner workings of Telescript and looks at security features. Concludes 
that while Telescript is limited in access, it is a unique innovation which 
is a good step forward in network computing. Features a sidebar, N "Speaking 
the Same Language. 11 Includes a diagram and a table, (cnr) 
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The major problems addressed by this thesis research are how to implement 
multicast over the Monterey BayNet to enable live audio/video for distance 
learning, how to safely integrate regional Frame Relay multicast with the 
global MBone, and how to monitor multicast connectivity over the Monterey 
BayNet. To implement multicast and MBone over the Monterey BayNet without 
using dedicated multicast servers, we enabled Protocol Independent 
Multicast (PIM) protocol on already-installed Frame-Relay-capable 
routers. By implementing multicast over Monterey BayNet, we show that the 
current MBone software provides the same performance that it provides on 
regular Internet connections even on low-speed (128Kbps) Frame Relay 
network connections and low-cost personal computers. In order to control 
the scope of the regional multicast and to safely integrate regional Frame 
Relay multicast with the global MBone, we used administratively controlled 
multicast group addresses (224.0.1.20) in addition to the use of 
time-to-live (TTL) control mechanism. This eliminates global duplication of 
multicast packet delivery. Public-domain multicast monitoring tools are 
used to monitor the multicast connectivity through internetworks. Since 
these tools are available only to UNIX-based platforms, they cannot be used 
by the regional sites that mostly have windows and Macintosh platforms. We 
developed Web-accessible multicast monitoring pages in order to meet the 
multicast monitoring needs of the regional sites. Participating sites are 
now able to monitor regional multicast connectivity by accessing these 
pages, which permits remote problem diagnosis. That was previously 
impossible. Finally we synopsize firewall requirements for secure and 
effective use of multicast. 
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The use of software in the health care industry is becoming of increasing 
importance. One of the major roadblocks to efficient health care is the 
fact that important information is distributed across many sites. These 
sites can be located across a significant area. The problem is to provide a 
uniform mechanism to integrate this information. This paper documents the 
results of an investigation into the suitability of several different 
distributed access mechanisms. Five methods were examined; the Common 
Object Request Broker (CORBA) , Object Linking and Embedding (OLE), remote 
procedure call (RPC) , remote database access (SQL/RDA) and Protocol 

Independent Interfaces (PII, the authors specifically examined sockets) . 
These mechanisms were compared with regard for use in health care 
applications. In particular, the following capabilities were compared: Ease 
of use by the developer, Class of applications for which the technology is 
particularly effective in developing, Security capabilities. 



13/7/22 (Item 3 from file: 6) 

DIALOG (R) File 6:NTIS 

Comp&distr 1998 NTIS, Intl Copyright All Righ. All rts . reserv. 

1420557 NTIS Accession Number: DE89002820 
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Nessett, D. M. ; Fletcher, J. G. 

Lawrence Livermore National Lab., CA. 
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This paper defines the Authentication Domain Interface (ADI) Logon 
protocol for the LINCS distributed operating system that in conjunction 
with the Inter-Authentication-Domain Logon protocol gives users of LINCS 
terminals the ability to logon to hosts that do not support LINCS. In 
addition, it gives users of terminals connected to networks that do not 
directly support LINCS the ability to logon and use LINCS distributed 
resources. Hereafter, for the sake of brevity, the 

Inter-Authentication-Domain Logon Protocol is called the IAD Logon 
protocol. The IAD Logon protocol specification describes how the 
network-level protocols, transport-level protocols, and terminal protocols 
of separate authentication domains can be interfaced and defines an 
inter-authentication-domain logon protocol that supports user 
authentication and user authorization in the context of multiple 
authentication domains. The provision of inter-authentication-domain 
interactive services in LINCS requires interfacing the LINCS network-level, 
transport-level, virtual terminal, and logon protocols to their 
corresponding inter-authentication-domain standards through an interactive 
services gateway. In LINCS, an interactive services gateway is naturally 
structured as a set of (potentially) distributed modules. This paper 
describes how a LINCS interactive services gateway can be implemented and 
describes the actions each of its modules take in the suggested 
implementation. (ERA citation 14:005722) 
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Computer systems being incorporated into mature support networks are 
facing a substantial protocol-implementation effort in granting controlled 
access to their resources and in obtaining access to network-supplied 
resources. This protocol-implementation effort can be significantly reduced 
by use of resource-sharing protocols that are independent of specific 
resource semantics. A capability-passing model for distributed access 
control is described and several capability-management protocols are 
discussed. Highlights of the discussion include the inalienable right to 
pass capabilities, capability theft through data theft and reflection, 
capability management by public key encryption , a capability passing 
structure, and resource sharing with integrated network directories. 9 
figures, 2 tables. (ERA citation 05:039223) 
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Agents away 

AUGMENTED TITLE: General Magic's Telescript 
Wayner, Peter; 
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DOCUMENT TYPE: Feature Article ISSN: 0360-5280 

ABSTRACT: Part of a special section on wireless communications. General 
Magic's Telescript is an interpreted communications language that works 
independently of all protocols and transports. Telescript allows a user 
to bundle messages, requests, and preferences into an intelligent program 
that travels to a distant computer, gets answers to all queries, and then 
brings back the answers. Because of the savings in time, bandwidth, and 
money provided by Telescript, General Magic sees Telescript as the 
centerpiece of a global information network. The article describes 
Telescript and its security features and discusses its impending 
commercial applications. 
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Abstract: In this paper we identify and address the challenges unique to 
providing a secure ATM network. We analyze the network environment and 
consider the correct placement of security mechanisms, with particular 
attention to. data transfer protection, in such an environment. We then 
introduce and describe a key agile cryptographic device for ATM networks. 
We present the techniques to provide data confidentiality, synchronization, 
dynamic key change, dynamic initialization vector change, data integrity 
and replay protection on ATM data transfer. Finally, we discuss the 
corresponding control functions for setting up such a secure channel . 
We examine the impact of key exchange protocols on the design of ATM 
signalling protocols. Our effort in providing novel security services in 
ATM signalling systems has also been presented. (Author abstract) 47 Refs. 
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Source: Journal of Computer Security v 4 n 1 Sep 1996. p 55-80 

Publication Year: 1996 

CODEN: 002468 ISSN: 0926-227X 

Language: English 

Document Type: JA; (Journal Article) Treatment: T; (Theoretical) 
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Abstract: A calculus of channel security properties is presented which 
allows the analysis and comparison of protocols for establishing secure 
channels in a distributed open system at a high level of abstraction. A 
channel is characterized by its direction, its time of availability and its 

security properties. Cryptographic primitives as well as trust 
relations are interpreted as transformations for channel security 
properties, and a cryptographic protocol can be viewed as a sequence of 
such transformations. A protocol thus allows to transform a set of secure 

channels established during an initial setup phase, together with a set 
of insecure channels available during operation of the system, into the set 
of secure channels specified by the security requirements. The 
necessary and sufficient requirements for establishing a secure channel 
between two entities A and B are characterized in terms of secure 
channels to be made available during the initial setup phase and in terms 
of the minimal trust A and B must have into other entities or into trusted 
third parties. (Author abstract) 28 Refs. 
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Publication Year: 1993 
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Abstract: Advances in communication technologies have stimulated the 
development of computer networks that interconnect competing individuals, 
organizations, and even countries. In such computer networks, in order to 
communicate securely, agents must establish secure channels to other 
agents. In this paper, we present a secure communication protocol 
called Authenticated Datagram Protocol (ADP) that establishes host-to-host 
secure channels across networks, and builds agent-to-agent channels on 
top of host-to-host channels. We show how such a protocol can be layered at 
the subtransport level of the network protocol hierarchy, so as to provide 
high performance and security even in the presence of untrustworthy 
entities on the network. (Edited author abstract) 7 Refs. 
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Author (s): Papadimitriou, C.H.; Rangan, V.; Sideri, M. 

Author Affiliation: Dept. of Comput. Sci. & Eng., California Univ., San 
Diego, La Jolla, CA, USA 

Journal: Algorithmica vol.11, no. 5 p. 485-99 
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Language: English Document Type: Journal Paper (JP) 
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Abstract: In a very large distributed system, entities may trust and 
mistrust others with respect to communication security in arbitrarily 
complex ways. We formulate the problem of designing a secure communication 

protocol , given a network interconnection and a ternary relation which 
captures trust between the entities. We identify several important ways of 
synthesizing secure channels , and study the algorithmic problem of 

designing a secure communication protocol connecting the entities, 

given the connectivity of the network and the trust relationship between 
the nodes. We show that whether secure communication is possible can be 
decided easily in polynomial time. If we also require that channel 
synthesis proceed along unambiguous paths (in which case the protocol is 
defined on a spanning tree of the network) , we show that the design problem 
is NP-complete f and we give a linear-time algorithm for an interesting 
special case of the problem. (4 Refs) 
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A mechanism for secure communication in large distributed systems is 
proposed. The mechanism, called Authenticated Datagram Protocol (ADP) , 
provides message authentication and, optionally, privacy of data. ADP is a 
host-to-host datagram protocol, positioned below the transport layer; it 
uses public-key encryption to establish secure channels between hosts 
and to authenticate owners, and single-key encryption for communication 
over a channel and to ensure privacy of the messages. ADP is shown to 
satisfy the main security requirements of large distributed systems, to 
provide end-to-end security in spite of its relatively low level, and to 
exhibit several advantages over schemes in which security mechanisms are 
at a higher level. The results of a trace-driven measurement study of ADP 
performance show that its throughput and latency are acceptable even within 
the limitations of today's technology, provided single-key encryption / 
decryption can be done in hardware. 
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Patent Kind Lan Pg Filing Notes Application Patent 

US 5671279 A 24 

Abstract (Basic) : US 5671279 A 

The method involves using a secure transport layer which includes a 
channel security mechanism comprising a keyed message digest 
computation. The secure transport layer supports data privacy and 
integrity for communications between any two network nodes. Two secure 

channels are provided, where ther is one channel between a customer 
and a merchant and another channel between the merchant and an acquirer 
gateway, so that the merchant and acquirer are authenticated to each 
other and to the customer. 

A secure courier message is used for implementing an electronic 
payment protocol that provides at least any of signature, 
non-repudiation and secondary encryption terms. Node-to-node 
authentication, privacy and data integrity are automatically achieved 
by the secure transport layer. 

USE/ADVANTAGE - E.g. for secure processing of on-line commercial 
transactions. For credit card payment services, over internet. Uses 
secure connection in accordance with electronic payment protocol that 
secures payments and certifies infrastructure that is required to 
enable all parties to participate in electronic commerce. Provides 
necessary formats and interfaces between different modules and systems. 

Dwg. 1/4 
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International Patent Class (Main) : H04K-001/00 
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Abstract (Basic) : WO 9731450 A 

The method of key replacement in an insecure network environment 
involves generating an active key pair at one node. The pair includes 
active public and private keys. A replacement key pair is also 
generated at the node and is encrypted. 

The active and encrypted replacement public keys are sent to a 
second node over a secure channel . When the active pair is to be 
retired, a next replacement key pair is generated at the first node. 
This new key is encrypted and sent over the channel. The first 
replacement public key is decrypted at the second node. The first 
replacement key is then used as the active key. Preferably, the message 
sent to the second node during the replacement procedure includes the 
decryption key to allow the replacement key to be decrypted. 

USE/ADVANTAGE - For secure transaction processing. For automatic 
teller machine. For bank terminal. For use with personal computer. 
Robust encryption . Requires user to have possession of previous key 
to use replacement key. 
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System for transferring electronic notes between electronic modules - has 

processor based electronic modules creating cryptographically secure 
channel and transfer and receive electronic notes via channel, each 

module has memory storing notes with body group of data fields with 

monetary value data 
Patent Assignee: CITIBANK NA (CITI-N) 
Inventor: ROSEN S S 

Number of Countries: 017 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Main IPC Week 
EP 788066 A2 19970806 EP 92119461 A 19921113 G06F-017/60 199736 B 

EP 97105388 A 19921113 
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Patent Details: 
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NL PT SE 

Abstract (Basic) : EP 788066 A 

The system has processor based electronic modules (4-6) which 



create a cryptographs. cally secure channel and transfer and 
receive electronic notes via the secure channel . Each module has a 
memory for storing the notes. Each note includes a body group of data 
fields with data indicative of an initial monetary value of the 
electronic note. 

A transfer group of data fields includes a list of transfer 
records, each record is generated by a transfer electronic module and 
has a transferred monetary value and a transferee module identifier. A 
signature and certificate group of data fields includes a list of 
transfer devices containing each transfer electronic module's digital 
signature and certificate. 

USE - For implementing electronic money transfers between on-line 
systems of cooperating banks as alternative medium of economic exchange 
for cash, cheques, credit and debit cards and electronic funds transfer 
(EFT) . 

ADVANTAGE- Allows common payer to payee transactions without 
intermediation of banking system, and gives control of payment process 
to individual. 
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Commercial transaction initiating method enabling seller and buyer to 
communicate over quasi-public network - receiving seller's message for 
buyer and transaction and if buyer approves transaction, permits buyer to 
pay, via agent, for transaction, via secure communication channel using 
authorisation code 

Patent Assignee: FIRST VIRTUAL HOLDINGS INC (FIRS-N) 

Inventor: BORENSTEIN N S; LOWERY C M; NEW D; ROSE M T; STEFFERUD E; STEIN L 
H 

Number of Countries: 
Patent Family: 
Patent No Kind Date 



075 Number of Patents: 004 



WO 9716897 
AU 9675515 
US 5757917 
EP 858697 



Applicat No Kind Date Main IPC 



Al 19970509 WO 96US17556 A 
A 19970522 AU 9675515 A 
A 19980526 US 95548305 A 
Al 19980819 EP 96937866 A 
WO 96US17556 A 



19961030 H04K-001/00 
19961030 H04K-001/00 
19951101 H04R-009/00 
19961030 H04K-001/00 
19961030 



Week 
199724 
199739 
199828 
199837 



Priority Applications (No Type Date) : US 95548305 A 19951101 

Cited Patents: 3-Jnl.Ref; US 4799156; US 4947028; US 5283829; US 5291554; 

US 5329589; US 5420926; US 5557518; US 5590197 
Patent Details: 

Patent Kind Lan Pg Filing Notes Application Patent 

WO 9716897 Al E 41 

Designated States (National) : AL AM AT AU AZ BA BB BG BR BY CA CH CN CU 
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Abstract (Basic) : WO 9716897 A 

The method receives a message over the quasi-public network from 
the seller identifying the buyer and a transaction. A message is 



similarly sent to the buyer identifying the transaction. A message is 
received from the buyer indicating acceptance or refusal of the 
transaction. 

If the buyer's massage indicates approval for the transaction, the 
seller's agent is communicated with to permit the buyer to pay for the 
transaction via a secure communication channel. An authorisation code 
is received from the seller f s agent via the secure channel . A 
cryptographically signed message is sent including the authorisation 
code to the seller via the quasi-public network. 

USE/ADVANTAGE - E.g. for enabling payment for goods and services 
over quasi-public network. Enables users of Internet (RTM) to enter 
into commercial transactions for goods and services. 
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Clear and secure channels interface operating - detecting initiation 
of call being set-up through first and second channels, then sending 
message in response to initiation of call 

Patent Assignee: MOTOROLA INC (MOTI ) 

Inventor: KENNEDY P R; SANDBERG T W; WALDRON W B 

Number of Countries: 001 Number of Patents: 001 
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Patent Details: 

Patent Kind Lan Pg Filing Notes Application Patent 

US 5579394 A 10 

Abstract (Basic) : US 5579394 A 

The method involves detecting an initiation of a call that is 
set-up through first and second channels. A message is formed that 
conveys a signal to initiate a security set-up. The initiate 
security set-up signal is at least one audio tone, or an audio voice 
message. The audio tone is absent from the audio voice message. The 
message is sent through the first channel, in response to the detecting 
step. The message conveys an instruction to the second channel to 
initiate a security set-up. 

The method further entails determining, after the initiating step, 
when the security set-up signal is received from the first channel. 
The message is configured to omit the initiate security set-up signal 
from the message. The message is stopped after the initiate security 
set-up signal is received by the second channel. 

USE/ADVANTAGE - For establishing secure calls through communication 
network, for managing and distributing encryption keys. Allows 
reliably starting of secure calls when clear channel cannot be extended 
between ends of call. Provides compatibility with existing structures 
of secure terminals. 
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Transferring electronic money between processor-based electronic modules 
- transferring electronic notes via cryptographically- secure channel 
, each note comprising data fields contg. monetary value, transfer 
records and sequence number for unique identification of note 
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Abstract (Basic) : WO 9633476 A 

The electronic note transference system has processor-based 
electronic modules creating cryptographically secure channel and 
transferring and receiving electronic notes via the channel. Each 
module has a memory for storing notes. 

Each note includes a body group of data indicative of a monetary 
value, and a transfer group of data fields with a list of transfer 
records. Each record is generated by a transferor electronic module and 
includes a sequence number distinguishing a transferred note from other 
transferred notes transferred from other transferor modules. 

USE/ADVANTAGE - For implementing electronic money transactions as 
alternative medium of economic exchange to cash, cheques, credit and 
debit cards and electronic funds transfer. Provides enhanced EMS system 
and elated method for economic exchange that is secure from re-use, 
duplication and counterfeiting. 
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Authentication method of terminal user using smartcard - using smartcard 
encrypted with running value and secret key to provide secure channel 
between workstation user and server 
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Patent No Kind Date Applicat No Kind Date Main IPC Week 

EP 566811 Al 19931027 EP 92810294 A 19920423 G06F-001/00 199343 B 

US 5347580 A 19940913 'US 9334023 A 19930601 H04L-009/32 199436 

Priority Applications (No Type Date) : EP 92810294 A 19920423 

Cited Patents: 2.Jnl.Ref; EP 140013; EP 234100; US 4679236; WO 8703977 
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US 5347580 A 12 
Abstract (Basic) : EP 566811 A 

The authentication method involves using an authentication server 
connected to a number of distributed workstations. Each smartcard has a 
unique identifier and includes a timer, as well as an input and an 
output with encryption via a secret card key. The server has a list 
of user names, personal identifiers, and at least one secret key. 

The workstation receives input data which defines the user, the 
smartcard and a value derived from the encrypted time. This is 
encrypted and/or transmitted to the server. The server computes values 
based on the received data and compares then with other received 
values. If a match is deemed to have occurred, an accept signal is sent 
to the workstation . 

ADVANTAGE - The smartcard is not personalised and thus is not 
associated with a partic. user. The secret key of the smartcard is not 
stored in the authentication server, enabling the processing required 
for management of the smartcard keys to be minimised. 
Dwg. 3/5 

Abstract (Equivalent) : US 5347580 A 

The method involves using a smartcard that encrypts the time 
displayed on the card with a secret, cryptographically strong key. 
The (public) e work station receives as input certain values defining 
the user, the card and a particular value derived from the encrypted 
time, and encrypts and/or transmits these values to the server. 

The server, in turn, computes from received values some potential 
values and compares these to other received values. If the server 
determines a match, an accept signal is transmitted to the work 
station. 

USE - The method involves, e.g. for banking system or data base 
system. 
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Digital block converting device - converts first block of digital data to 

second block of digital data 
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Abstract (Basic) : WO 9118459 A 

A device (12) for converting a digital block comprises nine coding 
stages (61.1, 61.2,69) the first eight of which are of identical 
construction, a coding partial block generation unit (63), an input 
unit (21) and an output unit (79) . Plain text (X) from an information 
source (11) is coded, blockwise, into coded text (Y) for sending on a 
transmission line (13), by introducing a secret code block (Z) via a 
secure channel (17) . 

Four partial blocks (X1-X4, W11-W14, W21-W24 , W81-W84, Y1-Y4 ) are 
coded in parallel. Each stage (61.1,61.2,69) has four first inputs 
(25-28,35-38), six or four second inputs 

(29,30,32,33,49,52;129,130,132,133) and four outputs (75-78). 

USE/ADVANTAGE - New, improved block coding which can be brought in 
line with European Standard. Can also be used to decode cipher text. 
(39pp Dwg.No.2/14 
Abstract (Equivalent) : EP 482154 B 

A device (12) for converting a digital block comprises nine coding 
stages (61.1, 61.2, 69) the first eight of which are of identical 
construction, a coding partial block generation unit (63), an input 
unit (21) and an output unit (79) . Plain text (X) from an information 
source (11) is coded, blockwise, into coded text (Y) for sending on a 
transmission line (13), by introducing a secret code block (Z) via a 
secure channel (17) . 

Four partial blocks (X1-X4, W11-W14, W21-W24, W81-W84, Y1-Y4) are 
coded in parallel. Each stage (61.1, 61.2, 69) has four first inputs 
(25-28, 35-38), six or four second inputs (29, 30, 32, 33, 49, 52; 129, 
130, 132, 133) and four outputs (75-78). 

USE/ADVANTAGE - New, improved block coding which can be brought in 
line with European Standard. Can also be used to decode cipher text. 

EP-482154 A device for the conversion of in each case a given first 
digital block of a first length (N) into an associated second binary 
digital block of equal length (N) with the use of at least one freely 



selectable binary control block, characterised by at least one first 
input (25-26; 50, 51; 125-128) for inputting at least two first subblocks 
(Xl-X4;el, e2;e5-e8) of a second length (m) which together form the 
first digital block (X;Wn) , by at least one second input 
(29,30,32,33,49,52,129,130,133) for inputting at least two control 
blocks (Z1-Z52) of the second length (m) , by a logic means 
(40,60,61.1,61.2,140) which in each case and serially perform at least 
four logical operations of at least two different kinds (+,.,+), 
wherein at least the predominants number of all pairs of immediately 
successive operations consists of two operations of different kinds 
(+,.,+), wherein by each operation in each case two input blocks 
(E1,E2) of the second length (m) are converted into an output block (A) 
of this length (m) , wherein first sub-blocks (Xl-X4;el,e2;e5-e8) , 
control blocks (Z1-Z52) and/or output blocks (A) of a respectively 
preceding operation serve as input blocks (E1,E2), and by at least one 
output (75-78;47,48;35-38) for outputting at least two second subblocks 
(Wnl-Wn2, Y1-Y4 ; al, a2 ; a5-a8 ) of the second length (m) associated with 
the first sub-blocks (Xl-X4;el, e2;e5-e8) and which together form the 
second digital block (Wn,Y) . 
(Dwg.1/14 

Abstract (Equivalent) : US 5214703 A 

The block conversion device comprises nine encryption stages 
(61.1, 61.2, 69), the first eight of which are constructed identically. 
The conversion device serves for the block-by-block encryption of a 
plaintext (X) proceeding from a message source (11) into a ciphertext 
(Y) to be delivered on a transmission line (13), in which a secrete key 
block (Z) is inputted beforehand via a secure channel . The 
encryption is effected in a step-by-step and parallel manner for four 
subblocks (X1-X4; W14;W21-W24; W81-W84; Y1-Y4) . 

Every encryption stage (61.1, 61.2, 69) comprises four first 
inputs (25-28; 35-38), six and four second inputs (29,30,32,33,49,52; 
129,130,132, 133), respectively, and four outputs (75-78). A total of 
fifty-two key subblocks (Z1-Z52) which are formed from the key block 
(Z) are connected to the second inputs. The device (12) can also serve, 
without being altered, for the decryption of an incoming ciphertext 
(Y) . Different key subblocks need only be connected to the second 
inputs for this purpose. 
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Key management for encrypted packet base networks - involves transmitting 
call from transparent devices to network from source and balancing 
traffic through transparent device 

Patent Assignee: RACAL DATA COMMUNICATIONS INC (RACA ) 

Inventor: CAMPBELL T D; TRBOVICH N G 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Main IPC Week 

US 4965804 A 19901023 US 89305672 A 19890203 199045 B 

Priority Applications (No Type Date) : US 89305672 A 19890203 

Abstract (Basic) : US 4965804 A 

In a packet based communication network (10), a key management 
centre (20) is used to distribute cryptographic keys for either a 
switched virtual circuit or a permanent virtual circuit. The key 
management centre to communicate directly with the data encryption / 
decryption devices (DE's) (14) event though they operate in a 



transparent mode (rather than a store and forward mode) . 

This is accomplished by balancing link counters with calls to 
fictitious addresses and/or use of interrupt packets transferred 
between the DET (12) and the DE. In permanent virtual circuits, the MAC 
of the last packet transmitted under the cold cryptographic key is 
exchanged to synchronise the key change. 

ADVANTAGE - Conforms to current standards while requiring no 
dedicated secure channel . (15pp Dwg.No.1/5) 
Derwent Class: W01 

International Patent Class (Additional) : H04L-009/00 
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Multi -channel broadcasting system - transmits encryption and decoding 
signals over secure channel then stores and cancels after use 
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Abstract (Basic) : EP 152251 A 

The system has a signal distribution network for transmitting 
signals on a number of channels between a head end and subscriber 
terminals. A channel selector switch for each terminal in controllable 
by the subscriber to select the channel on which to receive signals. 
Data signals are encrypted and transmitted over at least one channel. 
Set(s of encryption and decryption signals are generated by a 
circuit remote from the terminals. Either the encryption or 
decryption signals of one set are transmitted on a predetermined 
second channel to the terminal. A switch is controlled to temporarily 
select the second channel to receive the signals and then switched back 
to the first channel. 

The data signal is encrypted at the source by stored signals and 
decrypted at the destination using stored decryption signals. 

USE/ADVANTAGE - For e.g. conducting banking operations. Enciphering 
Enciphering/deciphering codes are not generally available to 
subscribers and can be changed each time transaction ins carried out or 
whenever security demands . 

0/1 

Abstract (Equivalent) : GB 2154108 B 

A broadcasting system comprising a head end, a plurality of 
subscriber terminals, a signal distribution network for transmitting 
signals on a plurality of channels between the head end and the 
subscriber terminals, a channel selector switch in respect of each 
terminal controllable by the subscriber to select the channel on which 
it is desired to receive signals, and means for encrypting data signals 
and transmitting the encrypted data signals over at least one channel 



of the network, the data signal encrypting and transmitting means 
comprsiing means remote from the subscriber terminals for generating at 
least one set of encryption and decryption information signals to 
be used in encrypting and decrypting the data signals to be transmitted 
over the one channel, means for transmitting either the encryption or 
the decryption information signals of said one set on a predetermined 
other channel to the one terminal, the predetermined other channel not 
being accessible to any terminal by operation of the terminal selector 
switch by the subscriber, means for controlling the terminal selector 
switch of the one terminal temporarily to select the predetermined 
other channel and then switch back to the one channel, whereby the 
transmitted encryption or decryption information signals are 
received by the one terminal only, means for storing the encryption 
and decryption information signals at the source and destination 
respectively of the data signal to be transmitted, and means for 
encrypting the data signal at the source using the stored encrypted 
data signal to the destination over the one channel, and decrypting the 
encrypted data signal at the destination using the stored decryption 
information signals. 
Derwent Class: P85; W01; W02 
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Secure channel selection in ti m e multiplexed data transmission - 
ensures that receiver switches channels correctly using highly redundant 
code 

Patent Assignee: SIEMENS AG (SIEI ) 

Number of Countries: 001 Number of Patents: 001 
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DE 1591566 B 19750904 197537 B 

Priority Applications (No Type Date) : DE 1591566 A 19670929 

Abstract (Basic) : DE 1591566 B 

An encoding format for time multiplexed data transmission is 
presented in which the channels at the receiving end are provided with 
the correct information with a very high degree of security . 

This is achieved by using a highly redundant encoding system 
incorporating a channel address with each transmitted data bit. The 
system is illustrated by considering an eight channel time multiplexed 
system transmitting data at 50 Bauds in each channel. 

Each data bit lasts therefore 20 ms . The multiplexer however scans 
the channels at 2400 Hz, thus transmitting six bits of information for 
every channel bit of information. These six bits are transmitted in 
series, with the eight channels interlaced at 2400 Hz. The six bits 
consist of a start bit, three bits representing the channel address, 
the information bit and a stop bit 

Derwent Class: W02 
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Method of accessing unique features of telephony network using protocol 
independent interface for e.g video conferencing system - involves 

establishing telephony by connection-oriented telephony network between 



first and second computers/ and transmitting data streams between first 
process on first computer and second process on second computer 
Patent Assignee: ANDERSEN D B (ANDE-I); TAI T C (TAIT-I) 
Inventor: ANDERSEN D B; TAI T C 

Number of Countries: 001 Number of Patents: 001 
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US 5674003 A 19971007 US 95430460 A 19950428 G06F-017/00 199746 B 

Priority Applications (No Type Date) : US 95430460 A 19950428 
Patent Details: 
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US 5674003 A 16 

Abstract (Basic) : US 5674003 A 

The method involves creating a first socket group comprising a 
first number of socket communication endpoints for use by the at least 
one first computer process on the first computer. A required 
quality-of-service associated with the first socket group is 
determined. A telephony connection is established by the 
connection-oriented telephony network between the first and second 
computers. A second socket group is created which includes a second 
number of socket communication endpoints for use by the second 
computer. 

A number of communication channels are established between each 
of the first number of sockets and corresponding ones of the second 
number of sockets. A number of data streams are transmitted between the 
first process on the first computer and the second process on 
the second computer by the number of communication channels 
multiplexed on the telephony connection. 

ADVANTAGE - Exploits characteristic of telephony network not 
available or not required in connectionless network such as LAN and 
WAN. 
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Packet radio mobile communications system - encapsulates data packets of 
external data network using point to point protocol and passes them 
through sub networks to point which supports protocol 
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Abstract (Basic) : WO 9621984 A 

The packet radio mobile communication network uses a point-to-point 
protocol independent of the universal communication protocol in 
the internal transmission of the packet radio system. A data packet 
according to the protocol contains the control fields used by the 
protocol, an identification field identifies the protocol used by the 
terminal equipment and a data field. A data packet according to the 
universal protocol is thus encapsulated in the data field of a data 
packet according to the point to point protocol in the internal 
transmission of the packet radio system. A special radio link protocol 
is used between the packet data terminal equipment and the packet radio 
support node on the radio interface. The radio link protocol supports 
point-to-multipoint addressing and the control of data packet 
retransmission. A data packet according to the radio link protocol 
contains the control fields used by the protocol and a data field. 

The packet data terminal and the support node are arranged to 
compress a data packet according to the point-to-point protocol 
transmitted over the radio interface by removing at least one control 
field and to encapsulate the remaining fields in the data field of a 
data packet according to the radio link protocol. The packet data 
terminal and support node are arranged to decompress received data 
according to the protocol, by adding the fields previously removed. 

USE/ADVANTAGE - Supports several external data networks and 
protocols enabling new protocols to be supported as flexibly as 
possible and with only minor modifications. 
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I-O network for computer system - provides data communication between 
several widely dispersed devices interconnected by LAN type media using 
processor at each node 
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The I/D network channel has a network communication medium for 
extending over a large physical distance. An interface connects each 
individual computer system device to a separate connection point on the 
medium. Each interface device has a predetermined ID number which 
distinguishes each node . 

A data transmitter is controlled to transmit link level 
information as part of each data message and to transmit physical level 
communication information which identifies the transmission of each 
data message. The controller responds to the transmitted information to 
cause the buffer to hold only those data messages having destination 
information specifying the partic. node . 

ADVANTAGE - Efficient time sharing of computer system resources, 
high data communication rate 
Abstract (Equivalent) : EP 333715 B 

A system to implement A character I/O channel (140: 140a, 140b) for 
communicating byte stream data (266) and control administrative 
information (264) in single IONET network level data packet messages 
(240) from source to destination Devices connected to the channel (140; 
140a, 140b) at a plurality of Nodes (174), each Device including a 
device interface (182) which connects to a device (176, 100; 176a, 
100a, 100b) which is separate from the Device, the device (176, 100; 
176a, 100a, 100b) being one of either an I/O device (176; 176a) which 
conducts I/O data transfers or a computer device 9100; 100a, 100b) 
including a memory (104) and a processor means (102) and a program code 
for operating the computer device (100; 100a, 100b), said character I/O 
channel (140; 140a, 140b) being for use in conjunction with a local 
area network (LAN) comprising a communication medium (170; 170a, 170b) 
commonly connecting the plurality of Nodes (174), LAN interface means 
(178) at each Node (174) for controlling access to the medium (170; 
170a, 170b) and communicating LAN packets between predetermined 
selected source and destination Nodes (174), each LAN data packet 
including a LAN data field and a LAN header field containing 
characterise which controls the interface means (178) to achieve Node 
to Node communications in accordance with a predetermined LAN 

communication protocol , characterised in that said character I/O 
channel (140; 140a, 140b) comprises in combination: point of use (POU) 
means (172) included in the Device and connected to the LAN interface 
means (178) at each Node (174), the POU means (172) connected to each 
I/O device (176; 176a) including a microcomputer means (180) including 
a memory and a program code for operating the microcomputer means 
(180); the program codes for the processor means (102) and the 
microcomputer means (180) defining a predetermined IONET communication 

protocol for communicating with Devices and their connected device 
interface (182) and devices (176, 100; 176a, 100a, 100b), the IONET 

communication protocol being separate from the LAN communication 
protocol , the POU means (172) being adapted to insert chambers in the 



data field of LAN data packets to form the IONET network level data 
packet messages (240) which have an IONET header field (260) and an 
administrative field (264) and a byte stream data field (266), the 
IONET header characterise (260) including a function code (278) 
specifying one of a plurality of control functions, the administrative 
field characters including an administrative information code (264) for 
use in accomplishing the specified control function to be performed by 
one of the Device or its device interface (182), the byte stream data 
characters (266) originating from a device (176, 100; 176a, 100a, 100b) 
at the source Node (174), and the POU means (172) of the destination 
Node (174) being adapted to directly interpret the function code (278) 
and the administrative information code characters (264) (a) to 
establish a session between the source and destination Devices to 
communicating IONET data packet messages (240) therebetween without 
acceptance of and interference from other IONET data packet messages 
(240) for the duration of the session, and (b) to perform a 
corresponding control function on one of the destination Device or its 
device interface (182) during the session, and (c) simultaneously to 
transfer to byte stream data characters (266) in unmodified form 
directly to the device (176, 100; 176a, 100a, 100b) connected to the 
device interface (182) of the destination Device. 
(Dwg.2/18 

Abstract (Equivalent) : US 4941089 A 

The IONET channel allows highly effective character and other 
communication between a number of low and medium speed devices of the 
same or mixed types connected directly to the I/O subsystem of a 
computer system. 

By using arbitration over LAN-type communication medium, relatively 
low cost point of use adapters with microcomputers distributed over the 
medium and connected to each I/O device individually or to a relatively 
small number of I/O devices are possible. A communication and control 
protocol efficiently controls, the microcomputers and controls 
communication of the data between the I/O devices and the computer 
system memory. 

The LAN-type communication medium, the protocol and the 

distributed low cost point of use adapters cooperatively function as an 
improved I/O channel controller. USE/ADVANTAGE - I/O network (IONET) 
channel for a computer system. 

Efficient and reduced cost. 

(36pp 
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Communication system for digital message block transfer - uses single 

communication channel for transmission of both small and large message 
blocks utilising polling priority scheme 
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Priority Applications (No Type Date) : US 85789093 A 19851018 

Cited Patents: l.Jnl.Ref; A3... 8906; JP 59211352; No-SR.Pub; US 3702008; US 

4177450; US 4340961 
Patent Details: 

Patent Kind Lan Pg Filing Notes Application Patent 
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DE 3685935 G Based on EP 221708 

Abstract (Basic) : EP 221708 A 

Nodes (26,28,30,32,34,36) are coupled to a common wideband 

communication channel (12) for the transfer of small and large 
digital message blocks. One of the nodes (26-36) is a master mode ■ 
controlling the communication on the channel (12) by selectively 
polling the other nodes (26-36). The system (10) has two separate 

protocols for the transmission of small and large message blocks. 

The master node establishes a polling priority (66) for each 

node and polls those with a higher polling priority more frequently 
than those with a lower priority. The master node allows the one 

node being polled to communicate over the channel (12) of either a 
small or a large digital message block. The master node adapts the 
polling priority (66) for each node based upon a predetermined 
algorithm. 
Abstract (Equivalent): EP 221708 B 

A communication system (10) for the transfer of small digital 
message blocks and large digital message blocks, having: a common 

communication channel (12) capable of facilitating the transfer of 
small digital message blocks and large digital message blocks; a 
plurality of nodes (26-36) coupled to said channel, each being 
capable of communicating- over said channel and each adapted to be 
coupled to a digital handling device (14-24); one of said plurality of 

nodes being designated as a master node , said master node 
controlling communcation on said channel by selectively polling the 
other of said plurality of nodes , said master node establishing a 
polling priority (66) for each of said plurality of nodes and polling 
those of said plurality of nodes with a higher of said polling 
priority more frequently than those of said plurality of nodes with a 
lower of said polling polarity; said master node allowing the one of 
said plurality of which is being polled to communicate over said 
channel with either said small digital message block or said large 
digital message block, characterized in that said communication system 
has a first protocol for the transmission of said small digital message 
blocks in a short time frame and has a second protocol for the 
transmission of said large digital message blocks in a long time frame, 
said long time frames being at least two orders of magnitude greater 
than said short time frames; said master node adapting said polling 
priority for each of said plurality of nodes based upon a 
predetermined algorithm; and wherein said master node adapts said 
polling priority for each of said plurality of nodes based upon 
whether a given node has recently had a digital message communication 
and based upon whether such digital message communication was a small 
digital message block or a large digital message block. (Dwg.5/8)N 
Abstract (Equivalent) : US 4763323 A 

Nodes are coupled to a common wideband communication channel 
capable of facilitating the transfer of small and large digital message 
blocks. One of the nodes is a master node controlling the 
communication of the communication channel by selectively polling 
the other nodes . 

The communication system has a first protocol for the transmission 
of small digital message blocks and a second protocol for the 
transmission of large ones. The master node establishes a polling 
priority for each node and polls those with a higher polling priority 
more frequently than those with a lower polling priority. The master 



node allows the one node being polled to communicate over the 
channel of either a small or large digital message block. Further, the 
master node adapts the polling priority for each of the nodes based 
upon a predetermined algorithm. 
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Transparent intelligent network for data and voice - operates 

independently of customer protocol and enables communication via 
central unit in limited stages 
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US 4316283 A 26 

Abstract (Basic) : US 4316283 A 

In a situation where connection is made to an X-25 computer and to 
a polled line, the network strips off the user protocol and only 
transmits that part of the information which represents usable data to 
the polled line. When the transmission is received back from the output 
port, appropriate protocol is reinserted, and it therefore appears to 
the external connections as if they are directly connected to each 
other. 

A system of the 2-level hierarchial type has a number of near 
neighbour connected star nets each having a central node . The central 
nodes are each directly connected to each other via 12-14 GHz 
satellite channels as well as terrestrial links which carry mostly 
protocol messages and re-transmissions for the purposes of error 
correction, although some part or all of the real time traffic can also 
be sent over the terrestrial links. This assures no more than three 
transmission hops between point of entry and destination, and 
contributes to speed and accuracy of transmission. 
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Information transmission method in cellular mobile network - indicating 
frame number of transmission frame, maintaining function of secured 
information transmission for subscriber or network device 
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Abstract (Basic) : EP 794679 A 

The formation or disconnection of an information securing 
connection of a subscriber device or a network device is initialised or 
acknowledged in the coupling field of a transmission frame. Renewal 
characters are input to indicate a frame number of a numbered 
transmission frame. The renewal characters are used to determine 
whether a frame is transmitted before or after formation or 
disconnection of a connection. 

The function of the secured information transmission is maintained. 
A transmission variable is set to a start value for the numbering of 
the frames to be transmitted according to the renewal characters. The 
transmission variable is used to determine the frame number of the next 
numbered transmission frame to be transmitted in sequence. 

ADVANTAGE - Maintains security protocol independently of 
physical structure of logical function channel. 
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Monitoring status of security devices - using non-interfering in-band 

protocol- independent diagnostic scanning in digital multipoint 
communication system 
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Abstract (Basic): US 4645871 A 

The security status encoder (25) comprises a DES encryptor 
operated in the K-bit cipher feedback mode- The DEE (12) comprises an 
automatic switch (30), a DES encoder (32) and a remote I 
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...SPECIFICATION or more common protocol radio access networks, and the 
backbone networks operate using technically incompatible communications 
protocols . 

One way of implementing such systems would be to provide a full set of 
protocol . . . 

...format (e.g. radio access format), and to utilise two or more different 
higher level communication protocols (corresponding to those utilised 
by different backbone networks), and further includes a control device 
for. . . 



...is envisaged that networks may evolve over time, so that a mobile 
terminal with preset communications protocols would, at best, be 
unable to make full use of the available networks and, at... 

. . .Accordingly, in preferred embodiments, the mobile terminal is arranged 
to be reprogrammable to use new communications protocols 
corresponding to new or amended backbone network communications 
protocols . 

It would be possible to reprogram each mobile terminal by returning it 
to the factory. . . 

...embodiment, we provide a mobile terminal which is arranged to download 
data relating to new communications protocols via the physical layer 
(e.g. radio access network). 

In one preferred embodiment, the data... 

...network components are arranged to perform signalling dialogue to 
automatically download data relating to new communications protocols 



when the transmitted signal indicating the backbone networks to which the 
radio access network is... 
. . . Figure 5; 

Figure 7 corresponds to Figure 6 and illustrates the functional 
components of the communications protocol software present in the 
radio access network of Figure 3; 

Figure 8 illustrates the structure... 

...into packets, ATM cells or a TDM bit stream and into a frame structure); 
data encryption ; redundancy reduction encoding and decoding; and other 
functions which are of themselves known. 

The RF. . .component, a B-ISDN MM component; and a B-ISDN adaptation 
component, and a packet communications protocol file 153 comprises an 
internet protocol (IP) component; an SNDCP-U packet radio component; and 
a adaptation component. 

Each component of each protocol file therefore corresponds to a 
separate layer protocol , and communicates with the layers above and 
below by the exchange of so-called "primitives... 

...CLAIMS wireless communication interface (21, 22) for communicating with 
a mobile terminal (10) employing low level communications 
protocols , and a plurality of network protocol interfaces (23a, 23b) 
for coupling to respective different communications networks (30, 
30b) employing respective different, incompatible, relatively high 
level communications protocols . 
16. Apparatus according to claim 15 further comprising means (25) for 
periodically transmitting a signal... 

...to claim 17, in which each said record (261-263) comprises a 

representation of said protocols which is independent of the 
construction of a said terminal (10) . 
19. Apparatus according to claim 18 in... 
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. . .ABSTRACT A2 

A multifunction passive infrared occupancy sensor (14) which functions 
as an occupancy sensor for security systems and also as an occupancy 
sensor for energy management control systems. The occupancy sensor... 

...representative thereof. A processing means (97) analyzes the output 
signal of the detector (91) for security detection purposes by 
detecting changes in the output signal greater than a given security 
threshold. The processing means (97) also analyzes the output signal of 
the detector (91) for. . . 

...the output signal greater than a given energy management threshold, 
which is less than the security threshold. In one embodiment (Fig. 5) 
first and second processing circuits detect changes in the detector 
output signal greater than the security threshold and energy management 
threshold. In a second embodiment (Fig. 6) the output of the... 

...to a digital processor (68) which utilizes one of two different software 
processing routines, a security threshold processing routine, and an 
energy management threshold processing routine. A further embodiment 
(Fig. 9... 

...SPECIFICATION invention relates to a multifunction occupancy sensor 
which provides a first occupancy output signal for security systems and 
a second occupancy output signal for energy management control systems. 
The multifunction occupancy. . . 

...the occupied space networked environment. The multifunction network 
sensor system further comprises energy management and security 
controller systems, and a common data communication network which 
connects to the multifunction sensor and. . . 

...systems, Demand Side Management (DSM) electrical load management control 

systems, presence monitoring systems, and for security sensing in 
security systems, although modules combining occupancy sensing and 
ambient light sensing have been used in nonnetworked systems. 

In general, the tripping of an occupancy sensor in a security system 
has more serious consequences than the tripping of an occupancy sensor in 
an energy. . . 

...a controlled lighting environment. In contrast thereto, the tripping of 
an occupancy sensor in a security system can result in the dispatching 
of security personnel or police to the monitored premises to personally 
check the premises for a security breach or intrusion. If the alarm 
turns out to* be a false alarm, a substantial... 

. . .wavelength, are well known in the art, and are frequently used as 

occupancy sensors in security systems, and in energy management control 
systems such as lighting control systems or HVAC systems... 

...view of the detector. Accordingly, such PIR sensors can be used as 
occupancy sensors in security systems and also in energy management 
control systems such as in lighting control systems or... 

...DSM systems and also in presence monitoring systems. 

In order to make occupancy sensors in security systems more reliable 
and accurate, as compared to occupancy sensors in energy management 
systems, occupancy sensors for security systems are characterized by 
basic design differences, among which are the following key differences: 



security threshold. 

6. A multifunction passive infrared occupancy sensor as claimed in any of 

claims 1 . . . 

...as an energy management control sensor with a greater circuit 

amplification gain or as a security sensor with a less circuit 
amplification gain. 

7. A multifunction passive infrared occupancy sensor as... 
...sensor by adding sensing elements, and to increase the field of view 

intensity for the security sensor by subtracting sensing elements. 

8. A multifunction passive infrared occupancy sensor as claimed in... 

...in claim 1, wherein the lens means comprises a first optical lens array 
designed for security and having a first number of lens segments, 
and a second optical lens array designed. . . 

...as claimed in claim 1 or claim 10, wherein the detection means comprises 
a separate security detector and a separate energy management 
detector, and further comprises a separate security amplifier 
having a security amplification gain, and a separate energy 
management amplifier having an energy management circuit 
amplification gain which is greater than the security amplification 
gain. 

12. A multifunction passive infrared occupancy sensor as claimed in claim 
11, wherein the ratio of energy management amplifier gain to the 

security amplifier gain is in the range of 3:1 to 5:1. 

13. A multifunction. .. energy management control sensor and when a 
detected event occurs, the sensor switches to a security sensor 
configuration for a period of time and looks for security detected, 
events are detected, and if no security events are detected, the 
sensor returns to an energy management control sensor. 
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...SPECIFICATION related to co-pending application Serial No. 08/402,027 
filed concurrently herewith, entitled ADAPTIVE PROTOCOL COMMUNICATION 

SYSTEM to Reem Safadi which is incorporated by reference as if fully 
set forth herein. .. located) , an operations support system (OSS) 28 
(co-located or remotely located), an integrated transport encryption 
multiplexer (ITEM) 30, a 64 quadrature amplitude modulation (QAM) 
modulator 32, an RF upconverter 34 . . . 12/L2G) . The AS EM 22 forwards 
appropriate scheduling parameters to the addressable controller 24 for 
encryption of pay-per-view (PPV) and impulse-pay-per-view (IPPV) 
services by the ITEMs . . . 

...demand (staggercast) services, including VIU authorization for those 
services and program scheduling by controlling the encryption 
subsystem. Access control and encryption parameters are forwarded to 
network elements which perform downstream and upstream encryption and 
decryption . In the preferred embodiment of the invention, downstream 
encryption is implemented in the ITEMs 30, 50 and downstream 
decryption is implemented in network modules 70, which are part of each 
STT 16. Upstream encryption is implemented in the network module 70 
and upstream decryption is performed by a network controller 62. For 
interactive service communications, which are facilitated at... 

...addressable controller 24 preprovisions the ITEMs 50 and the network 
modules 70 with the appropriate encryption /decryption parameters. 
For broadcast service communications, which are facilitated by the hub 
14, the addressable controller. . . 

...on scheduling information forwarded by the L1G 20 through the AS EM 22. 

The integrated transport encryption multiplexer (ITEM) 30 provides 
secure delivery of broadcast digital services information to the VIUs as 



. . .maintained end-to-end. The resulting MPEG2 transport multiplex 

(consisting of multiple audiovisual information streams, protocol - 
independent , from an ITEM 30 standpoint, information streams carried 
as AAL5-SDUs (such as stock quotes... 

...a given set of MPEG2 program streams within the MPEG2 transport 

stream. Access control and encryption related information is forwarded 
to ITEM 30 from the addressable controller 24. The ITEM 30... The network 
module 70 also communicates with the addressable controller 24 for 
access control and decryption /encryption authorization. 

The QPSK demod/mux 60 receives up to six upstream carriers, 
demodulates the carriers ... selected channel if the VIU is an authorized 
user. Similarly, digital video passes through the decryption and then 
MPEG2 decodes and D/A conversion to forward the composite video for 
display. . . 

...tuner 110 and descrambler 112 are controlled by the network module 70, 
which includes an encryption /decryption controller 124 and a MAC 
module 126. 

The network module 70 interfaces with a processor ... 400 is shown. The 
STT 16 includes a medium access control module 126 and a decryption / 
encryption control module 124 for communicating with the network 
controller 62 through the transmission network 56... 
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. . .ABSTRACT to define and activate unbalanced groups of unidirectional 

communications sub-channels for a user application. Protocol 
independent exchange identifications permit not only unbalanced 
transmission groups but also allow user-controlled extensions for... 



...SPECIFICATION unique sub-channels during their installation and 
communication over that sub-channel conformed to the communication 

protocols defined for that type of I/O device. Note that all 
sub-channels in the... the necessary parameters between the two ends of 
the sub-channel. Some form of system security is also desirable to 
ensure that the two ends of the sub-channels have the... 



...diversified channel environment gives rise to a number of system design 
problems . 

For example, channel security was easy to ensure when distances were 
limited to units expressed in terms of meters... 

...expands that distance to world-wide connectivity. In addition, earlier 
systems provided a degree of security by the use of pre-defined, static 
definitions. The flexibility of dynamic definitions also gives .. .which 
include the negotiation of system parameters and the provision of 
user-supplied system verification (security ) fields (e.g., encrypted 
passwords) . The exchange of system parameters such as buffering size and 



.the user data with the appropriate protocol processing and makes the 
sub-channel control process independent of the protocol of the user 
application 10 of FIG. 1. PDU header 26 also includes a sequence... 
protocols makes the entire operation of the multi-path channel interface 
of the present invention independent of the protocol of the user 
application. This protocol independence permits a very wide variety of 
users to. . . 



...MPC. Both the local and the remote MPC interfaces also verify system 
integrity and system security fields in the received XID-1 messages. 
Finally, differences in requests for data handling parameters ... noted 
above, the protocol identification fields, such as field 93 in FIG. 5, 
can include security information such as system identifications which 
are checked to determine whether or not communication is... 



...CLAIMS comprising at least one user application operating in said 
computer system according to a predetermined communications 
protocol to communicate blocks of data to a remote data utilization 
system over a communications channel... 



...2, 3 or 4 further comprising means in said message for selectively 
identifying said predetermined communications protocol . 

6. The input and output communications subsystem according to anyone of 
claims 1 to 5 further comprising means in said message for testing 
the security of said sub-channel. 

7. A method for input and output communications in a general... 



...comprising executing at least one user application in said computer 
system according to a predetermined communications protocol to 
communicate blocks of data to a remote data utilization system over a 
communications channel... 

...anyone of claims 7 to 10 further comprising the step of selectively 
identifying said predetermined communications protocol in a 
portion of said message. 
12. The method according to anyone of claims 7... 

...comprising the step of utilizing one or more fields of said message for 
testing the security of said sub-channel. ... 
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...SPECIFICATION The log-in procedure establishes the attributes of message 
handling, also referred to as the communication protocol , that will 
be followed by the host computer for the receiving of transactions from 
the. . . 

...word size and error detection and correction. 

Generally, a user is bound to the established communication protocol 
for the duration of the session. Session binding of the communication 
protocol takes place via control blocks that are created at the 
beginning of each session. The. . . 

...protocol, and therefore the host computer and information management 
system must accommodate a variety of communication protocols . 
Moreover, the networks in which the terminals might be connected could 
have different protocols. Again, the host computer system must support 
whatever communication protocol is being used by the attached network 
to receive messages from users, perform the necessary. . . 

...the information management system uses internally, and then convert the 
transaction response back into the communication protocol of the user 
for return. 

Fig. 1, for example, shows a computer processing system 10... 

...The connection processor establishes a communication session with each 
user terminal such that the terminal communication protocol will be 
recognized and transaction output will be properly directed. Each session 
is associated with. . . 

...that receive transactions from one of the user terminals through the 
connection processor, recognize the communication protocol being used 
by the terminal, and process the ...of the communication session. 
The user terminals 14 can potentially use any one of many 
communication protocols . For example, the terminals may communicate 
using an IBM Corporation protocol known as a "SNA. . . 

...and RPC. A different protocol interface module ("DDM") must be provided 
for each type of communication protocol that will be supported by the 
host computer 12. For each supported protocol, the connection... 

...the half duplex "DDM" modules frequently must communicate with full 
duplex user terminals and complex communication protocols , the "DDM" 
modules can be quite complicated and difficult to create. 
As can be seen. . . 

...DDM" modules, that can directly bridge the protocol gap between older 
system architectures and newer communication protocols . Moreover, 
some of the newer protocols are capable of performance that cannot be 
supported by. . . 

...a transaction protocol, for each one of a plurality of transactions, 
independently of any predefined communications protocol , based on 
said attributes; 

means for dynamically binding said transaction protocol to said one 
transaction. . . 

...on said attributes, for each one of a plurality of transactions 

independently of a predefined communication protocol , a transaction 
protocol comprising a synchronization paradigm and a flow control, said 
transaction protocol then... The system treats transactions as objects to 
facilitate a separate transaction-specific, application and session 
independent layer in a communications architectural model. Thus, users 
are provided with greater flexibility in their transaction... 



...the transaction processing system illustrated in Fig. 2. 

Fig. 9 is a representation of the security data of the transaction 
protocol used by the transaction processing system illustrated in Fig. 2 

...transaction manager 124. The user terminals send their transactions to 
the adapter appropriate for the communication protocol they are 
using. For each transaction that is received, the adapters recognize the 
communication protocol being used by the terminal and provide a 
transaction protocol that can be understood by... join. 

At the next diagram block 204, the adapter receives the transaction and 
recognizes the communication protocol of the user terminal. Next, at 
the next dia gram block 206, the adapter isolates the. ■ .which prefixes are 
attached to the message. The prefixes can comprise, for example, state 
data, security data, user data, or application data, or any combination 
thereof . 

The next data field illustrated. . . 

...field is for a token representing the message destination. 

Fig. 9 is a representation of security data information and 
illustrates novel security features provided by the transaction 
processing system constructed in accordance with the present invention. 
The first security data field is the length of the information, 
including the length field itself. The next data field is for a security 
flag, which can be set to indicate to the information management system 
that the user terminal has already gone through security verification 
procedures at the adapter level and which do not have to be repeated. In 
general, transaction protocols require security to be verified 
immediately before access to the information management system is 
granted. In accordance with the present invention, then, the adapters can 
perform security verification duties and therefore can eliminate 
duplicative security processing with the security flag data field. 
This can greatly reduce the amount of processing overhead. 

The next three. . . 

...the user identification itself, then the password length, the password 
type, the password itself, the security profile length not including 
the length field itself, the profile type, and the profile itself. . . 
considerations. As such, the invention can be implemented as a unique, 
transaction-specific reference model layer that is independent of 
the other layers. Thus, the protocol described above is not specific to 
any application. . . 

...CLAIMS a transaction protocol, for each one of a plurality of 

transactions, independently of any predefined communications 
protocol f based on said attributes; 

means for dynamically binding said transaction protocol to said 
one transaction. . . 

...process means for receiving the transactions from the transport means 
and determining said specified transaction protocol independently 
for each received transaction, each transaction protocol including a 
plurality of protocol data fields specifying. . . 

...on said attributes, for each one of a plurality of transactions 
independently of a predefined communication protocol , a 
transaction protocol comprising a synchronization paradigm and a flow 
control, said transaction protocol then. . . 

...claim 13 or claim 14, wherein the step of specifying further includes 

determining whether a security verification step has been performed 
and is not to be repeated. 
16. A method as... 
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...SPECIFICATION monitoring and controlling system to assess and to modify 
protocol activity for a variety of communications protocols . The 
protocols handled include Token Ring protocol, ETHERNET protocol, Fiber 
Distributed Data Interface (FDDI) protocol... 

...of the expert system and Programmable Performance Vector Generator 
combination is also applied, to additional communications protocols 
such as Ethernet protocol, FDDI protocol, SNA protocols, TCP/IP protocols 
or the SONET protocol... 

...significantly improve the functions, and services and management of any 

data communications network. It is independent of communications 
protocols , standards, and physical media. The Information Collection 
Architecture invention is physically connected to an existing ... or will 
exceed in the future) some criteria that indicates a performance problem, 
or a security violation, or a billing error, etc. 

The criteria that are used to evaluate whether the... 
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Communications protocol for exchanging interface information between a 
host and a terminal . 

. . .ABSTRACT A2 

The invention is directed to a communications protocol which 
facilitates the exchange of interface information between a host 
processor (200) and a terminal... 

. . .SPECIFICATION A2 

Field of the Invention 

The invention relates to communications protocols and more 
particularly relates to a protocol for exchanging messages between a 
transaction processor and. . . 

. . . Invention 

Based on the foregoing, we have recognized that there is a need for a 
communications protocol that is independent of the host transaction 
processor as well as the operating characteristics of different types of 



. .host might communicate with. Thus, an advancement in the art is achieved 
by providing a communications protocol for exchanging application 
interfa ce information between a host computer and user terminal, 
workstation or smart in the inventive communications protocol ; 

FIG. 8 is an example of the way in which a particular pattern of 
objects . . . 

..station set 10, and processor 200 communicate with one another in accord 
with the inventive communications protocol . 

More particularly, processor 200 is a multiuser computer that is 
programmed to implement the principles ... is used for storing information 
and data, such as, for example, credit card numbers, social security 
numbers, addresses, etc., that is personal to the user and, therefore, is 
not displayed on ... discards the received message. 

FIG. 12 illustrates in flow chart form the actions that the 
communications protocol program invokes with respect to receipt of a 



particular type of command received from an. 



. . .respectively. 

FIGs. 13-15 show in flow chart form the program which implements the 
inventive communications protocol in a data terminal, such as a smart 
phone, e.g., station set 10 (FIG... 

...CLAIMS discards the received message. 

FIG. 12 illustrates in flow chart form the actions that the 

communications protocol program invokes with respect to receipt of 
a particular type of command received from an... 

. . .respectively. 

FIGs. 13-15 show in flow chart form the program which implements the 
inventive communications protocol in a data terminal, such as a 
smart phone, e.g., station set 10 (FIG... 
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. . .ABSTRACT operating systems and may be connected to computer networks 
having different network architectures and associated communications 

protocols . The broker manages the service offerings from servers and 
service requests from clients, and clients... 



...SPECIFICATION platform, use the same operating system, and are 

interconnected using a single network architecture and communication 
protocol , connection and communication between applications and/or 
machines is straightforward. However, this ideal is seldom. . . 

...s System Network Architecture ("SNA") and IBM's Logical Unit 6.2 ("LU 
6.2") communications protocol / while LAN 7 might be based on a 
different architecture, such as OSI and its associated communications 
protocol . The communications protocol is a defined set of procedural 
rules which computers use to communicate across a network. 

The use of different hardware platforms, operating systems, or network 
architectures and their associated communications protocols inhibits 
the useful exchange of information between clients and servers in a 
heterogeneous environment, such ... calls . Such a system should support 
communication between applications independent of operating system, 
hardware, network/communication protocol , and programming language. 

Summary of the Invention 

The drawbacks of the prior art are overcome... 

...operating systems and may be connected to computer networks having 

different network architectures and associated communications 
protocols . The broker manages the service offerings from servers and 
service requests from clients, and clients... 

...service broker. 

An adapter may also be provided as a gateway to convert a foreign 
communications protocol to the function server protocol to allow 
applications programs to access the service broker functionality. . . 

...Each of the four LANs are based on a different network architecture, 
utilizing a different communications protocol / while each of clients 
10 and servers 12 run different operating systems. 
Service broker 14... s). 

Service broker 14 also provides a number of services 20, such as 
directory services, security services, and accounting services. 

II. COMMUNICATION WITH THE SERVICE BROKER 

A. Client/Server Processing Types... 

...content of the communication is carried by signals that are arranged 
according to a physical communication protocol 40 (such as SNA (LU 
6.2), TCP/IP, DECnet, and LANs). To provide communication between 
participants and the service broker 14 that is independent of the 
physical communications protocol 40, one or more higher communication 
layers are required. 

Accordingly, the communications network 22 provides ... in the 
appropriate protocol format to the physical network. 

The FSP is thus the common communication protocol to which the 
service broker and each participant must adhere at the LAPI 44. The... 

...ID field identifies the user and is required, for example, if the broker 
is providing security services. 

The Password field is used to prevent unauthorized access to a service 
as part of the Security Services. 

With the Wait field, the caller can choose between synchronous and 
asynchronous processing by. . .broker will reconnect the user with the 
previous environment. This is subject to validation if security is in 
effect. This is not needed by applications that mask the location from 
the broker or in circumstances when the broker can uniquely identify the 
reconnection. 

The Security Token field is only valid for certain types of security 
systems and is only then required if security is in effect. It 
provides a convenient means of user authentication and is returned to... 
...a client/server only — when a client/server has timed-out or 



Deregistered, a new security token must be obtained. 

The Send(unders core) Length field is necessary for SEND processing — it 
...as by translating data between ASCII and EBCDIC formats and performing 
data compression/decompression and encryption /decryption . 

III. THE SERVICE BROKER 1 S STRUCTURE 

The core or kernel of the broker consists of... of DEREGISTER. If 
associated with an individual Application it applies to the specific 
Application only. 

SECURITY — The broker uses this Attribute to invoke the required 
Security checks. The value STD invokes the standard routine that is 
supplied with the BROKER. If... it uses previously-used settings. The 
administrator can dynamically alter important application settings (such 
as security ) by using the administrator functions. 

The attributes can be placed on a variety of storage .. .proper 
authority, which is defined in the directory by the administrator and is 
verified (if security has been activated) . 

To register one or more services with the broker, a participant passes 
...Software A.G.'s REVIEW and IBM ! s SMF, or a straightforward serial 
file. 

3. Security 

The broker provides access to standard packages according to the 
platform to enable the administrator. . .prior to offering services to 
clients. Upon receipt of the register function, the broker performs 
security checks to determine if this server is allowed to register, and 
then makes a procedure... 

...CLAIMS so, to communicate the service request to the server, the system 
being characterised by a protocol independent communications 
transport layer , said transport layer having a low level 
application programming interface LAPI and being adapted to... broker 
to the server, characterised by disposing between the participants 
and the physical network a protocol independent communications 
transport layer having a lower level application interface LAPI 
accepting messages from the participants via the LAPI... 
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. . .ABSTRACT computer system which are loosely coupled together through a 

communications network operating with a standard communications 
protocol . The non-DCE and DCE computer systems operate under the control 

of proprietary and UNIX... 

...SPECIFICATION with such systems in terms of the lack of distributed 
software, network communications, and message security . 

In general, the approach has been to port a substantial number of 
software services f rom. .. remote procedure call (RPC) service component 
including presentation service, a Naming (Directory) service component, a 
Security service component, a Threads service component, a Time service 
component and a Distributed file system. . . 

...is based on the Apollo Network Computing System (NCS) which provides a 
clearly specified RPC protocol that is independent of the underlying 
transport layer and runs over either connectionless or connection 
oriented lower layers. . . 

...service application programming interface (API) and the X/Open Directory 
Service (XDS) API. 

The DCE Security Service component provides secure communications and 
controlled access to resources in the distributed system. There are three 
aspects to DCE security : authentication, secure communication, and 
authorization. These aspects are implemented by several services and 
facilities that together comprise the DCE Security Service, including 
the Registry Service, the Authentication Service, and Privilege Service, 
the Access Control List... 



...by the Authentication Service. Communication is protected by the 

integration of DCE RPC with the Security Service-communication over the 
network can be checked for tampering or encrypted for privacy. Finally 



...specified in the resource's Access Control List. The Login Facility 
initializes a user's security environment, and the Registry Service 
manages the information (such as user accounts) in the DCE Security 
database. 

The DCE Threads Service component supports the creation, management, 
and synchronization of multiple threads ... component, a call service 
component, a network listener service component, a binding service 
component, a security service component, an interface service 
component, an object service component, a communications management 
service component... 

...call handle which is part of every function in the call service 
component . 

The RPC security service component provides for the selection of four 
levels of security . These are the performance of authentication on 
every association establishment, the performance of authentication on... 
servers normally perform local services for client application program 
such as naming or directory services, security services and, time 



with a security level set, the ally component 12-10 creates a proxy 
binding handle to the security service. This is returned to the client 
application as the imported binding. Meanwhile, the ally component 12-10 
places the actual binding, as well as the security information, into 
its database for the forwarding service subcomponent 12-104 to use. 
Whenever a . . . 

...subcomponent 12-104 checks the database to determine whether the proxy 
binding has an associated security level. If so, the forwarding service 
subcomponent 12-104 passes the packet to the security service to have 
the relevant parts of the message encrypted according to the security 
information on the binding handle. The new packet is returned to the 
forwarding service subcomponent... 

...the server. Similarly, packets transferred from the server to the client 
are passed through the security service subcomponent 12-103 to decrypt 
any data for the client system. 
The above requires... 

...that the ally system must track. For example, the client context 
contains all proxy bindings, security information, forwarding 
information, etc. The ally system returns a context handle to the client 
system. ..set of binding handles from the ally system. In a similar 
-fashion, the DCE RPC security routines (e.g. sec... handle in the client 
database and checks to see if the client has requested a security level 
for this interface specification (e.g., printer interface). Also, the 
routine registers the security level information with the context 
handle and returns the CDS lookup context handle to the... call returns a 
vector of binding handles just as normal case if there is no security 
involved. Otherwise, the ally caches the vector of binding handles and 
returns a proxy binding. . . 

...to try until it either succeeds or the list exhausts. 

Without the involvement of the security , the proxy binding handle is 
not created until the list of binding handles was first... the other ally 
requests APIs are in a similar manner. For example, several of the 
security APIs form part of standard security DCE APIs (e.g. sec... 

...CLAIMS to said request section, a naming service section coupled to said 
request section, and a security service section coupled to said 
request section. 
8. The system of claim 1 wherein said... 
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DOCUMENT SHOWING CHANGES IN REAL TIME DATA 
VORRI CHTUNG UND VERFAHREN ZUM ERZEUGEN EINES BENUTZERDEFINIERBAREN , 

VIDEODARGESTELLTEN DOKUMENTS , DAS ANDERUNGEN VON ECHTZEITDATEN ANZEIGT 
DISPOSITIF ET PROCEDE PERMETTANT DE CREER UN DOCUMENT AFFICHE SUR ECRAN 

VIDEO QUI EST DEFINI PAR L 1 UTI LI SATEUR ET QUI PRESENTE LES 

MODIFICATIONS APPORTEES A DES 
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...SPECIFICATION hereby incorporated by reference. The TIB (R) software 

supports subject based addressing, network architecture decoupling, 
communication protocol decoupling, data decoupling and separation of 
information sources from consumers . The TIB software subject based... 

...spreadsheet. The spreadsheet can compute a result, e.g., the theoretical 
value of a derivative security , and publish it on the network through 
the TIB software. The program of the invention... 

. . .display at any particular time, but in alternative embodiments, several 
sheets may be shown in separate "windows" or layers on the display. 

BRIEF DESCRIPTION OF THE DRAWINGS: 

Figure 1 is a typical sheet layout... to the securities on the list. The 
ticker attributes are: 

* Create (command button) 

Adds a security to the list. A mouse click on a Create Button, i.e., 
the icon 19... tool is as follows: 

* Market Type (list) 

Used to select the Market Type for the security . 

* Ticker Style (list) 

Used to select the display format for trades or updates to the... 

...styles are generally different for the different market types. 

* Symbol (field) 

Used to enter the security symbol. The same conventions are used as 
for entering the symbol into the Quote dialog... use the alert facility: 

1. Make sure the correct price axis is highlighted for the security 
for which the user wishes to set an alert. 

2. Create two trend lines that define upper and lower limit ranges (a 
"channel") for the security . 

3. Activate the trend lines by clicking on any trend point with the 
right mouse. . . 

...line. The right mouse button is a toggle between active and inactive. 

4. If the security value goes above or below the channel formed by 
the two trend lines, the graph .. .market data from the Teknekron 
Information Bus (TM) (TIB (TM) ) component, a powerful suite of 

communication protocols that separate information sources, like 
MarketFeed 2, Ticker III, or Telerate TDPF from information consumers, 



like MarketSheet. clicked on. This allows the creation of "hypertext 
links" between related information, such as a security and its options 
pricing. Available tools include: 
* Grid 

When this tool is active, all creation. . . 



9/3,K/ll 

DIALOG (R) File 348: European Patents 

(c) 1998 European Patent Office. All rts . reserv. 

00541312 

ORDER fax of complete patent from Dialog SourceOne. See HELP ORDER 348 

A method for providing a security facility for remote systems management. 
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A method for providing a security facility for remote systems management. 

. . .ABSTRACT A2 

This invention consists of a method for providing security for 
distributing management operations among components of a computer network 
using a network of mutually. . . 

...SPECIFICATION invention relates to networked data processing systems, 
and in particular, to methods for providing a security facility for 
remote systems management (RSM) . RSM consists of performing system and 
application management functions... 

...a local system (i.e., within the control of a single management server) 
are executed, independently of network protocol . These processes are 
free to manipulate local data and make local decisions. However, when 
processes . . . 



..they communicate under the control of the network management servers. 

The management servers implement network communication protocol for 
transferring data and requests for performance of functions by network 
resources between the nodes... 

. .management operation. 

The management servers in a network should execute system management, 
which includes network communication protocol , in the networked data 
processing system in a way that maintains the "security " of the local 
systems and of the communication links between the local systems. Network 
security has traditionally consisted of means to protect against 
unauthorized access to operations or data contained within the network. 
This type of security prevents unintentional as well as deliberate 
attempts to access information or network processing resources within the 
data processing network. Another important aspect of security is the 
assurance given to the sender of data or network requests that the 
recipient will not corrupt or make unauthorized use of the information 
transmitted by the sender. "Security, " not only consists of restricting 
access to network resources, but also includes the guarantee that... 

. .management server, a data storage system or a data processing system. 

A "threat" to the security in a network is used herein to denote any 
activity which, if successful, will result in a breach of the security 
of the system.- A threat, if not neutralized, may destroy, -alter , 
duplicate or transmit without. . . 

..can be created by impostors or unauthorized processes operating within 
the network. 

Prior network management security facilities depend . . . servers . 

First, heterogenous management systems, i.e., ones containing local 
operating systems implementing inconsistent system security measures, 
cannot guarantee uniform protection of information transmitted between 
local systems in the network once the receiving management server gains 
control of the information. The security measures utilized by the 
receiving system may be inadequate or the receiving management server may 



..be compromised after the receiving management server gains control of 
the information. 

Second, some prior security mechanisms are not designed for RSM 
operations, and are not completely secure when used in... 

..unauthorized access to restricted network resources or information. 

In addition, locating the source of a security breach is difficult if 
each local system management server possesses the capability of 
utilizing programming tools outside the domain of RSM to modify the 

security measures associated with its local operating system. In order 
to diagnose all weak links in the security of the network, the local 

security measures of each management server in the network must be 
reviewed. Therefore, not only are these prior art systems subject to 
consequences of local security breaches, but also, the difficulty in 
identifying the source of the security breach increases as the size of 
the network becomes larger. 

Therefore, known RSM security facilities which utilize local 

security mechanisms external to the management service may present 
significant problems to one wishing to maintain a secure network. Weak 

security measures used by a local system may not be apparent to other 
local operating system management servers or users who do not have 
information relating to the security measures adopted by the other 
local systems of the network. Identifying the source of a security 
breach is complicated in systems where non-uniform security rules are 
used by different local operating systems because diagnosis requires 
knowledge of each local system's security measures. This is a 
formidable task if the network consists of more than a few nodes. 
Furthermore, diagnosis and elimination of security threats is further 
complicated when local security measures may be changed outside the 
network operating environment by local operating systems. 



Other approaches for providing security for RSM operations performed 
in a network environment depend on global user authentication. As an 
example, private-key encryption services in which keys are assigned to 
specific processes are frequently employed. This approach is... 

...cannot be modified without permission by a network authorization 
procedure. However, even under these circumstances security is not 
guaranteed because management systems which permit the control of 
operations to span multiple. . . 

... services to a large-scale networked computing environment, such 
approaches fail to adequately address the security problem. 

The desired solution to this problem is delegation which is the 
transfer of authenticated... 

. . .multiple systems . 

SUMMARY OF THE INVENTION 

The present invention overcomes the problems in prior art security 
facilities for networked data processing systems and maintains a secure 
network environment through the utilization... 

. . .management servers in the network. The method according to the invention 
uses an internalized network security facility implementing link-wise 
protection of management operations transmitted between management 
servers in a network. . . 

. ..e., that transmission between the two management servers is allowed). As 
an added measure of security , the sender and receiver are each required 
to authenticate the other. 

Furthermore, a host withholds... 

. . . user . 

The invention in its broad form resides in a system and method for 
providing security for a data processing network having (...server. 
Furthermore, the current invention reduces the difficulty in detecting 
and eliminating threats to network security by centralizing control 
over network security measures and providing a uniform set of rules for 
providing secure transmission of information between management servers. 
Centralization of security prevents local systems from singly 
compromising the security of the entire network since access to network 
resources from any given management server is... 

...the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

The present invention generally relates to a security facility for 
use in a networked data processing system. It is preferred that a network 
...well known method for authenticating processes is to utilize one of 
the several available keybased encryption systems to authenticate 
processes. Third, the management service which actually performs the 
function described within. . . 

. . .management operations on secure paths to other local systems in the 
network and maintaining the security of the local system 2. The 
management server 12 determines the proper link on which... 

...between the management servers. The trusted relation lists are generated 
independent from execution of the communication protocol by an 
autonomous network utility. These lists, though maintained by a global 
procedure, would preferably ...shows an illustrative network 
configuration of four (4) networked systems, S1-S4 for employing the 
security facility of the present invention. Each system S contains a 
single management server M and... 

...interface at Ml will be described in order to explain in detail the 
link-wise security measures provided by the current invention for RSM 
operations. The execution of a specified RSM... known acceptable means 
such as the key-based "Kerbesos" authentication service. System designers 
may prefer encryption based authentication schemes because unauthorized 
parties cannot appropriate legitimate user's keys by merely monitoring... 



operation submitted by an authorized user through a trusted path through 
the network links. Since security is established on a link-wise basis, 
a trusted path is inferred merely by verifying... 



. ..command was received by the host C4 through its trusted management 
server M3 . Additionally, the security of network transmissions is 
enhanced by having the management server M3 for the second host... 
..performed by host C4 . 

Thus there has been described herein a method for providing a security 
facility to ensure that only authorized individuals are permitted to 
perform or receive specific management... 

. . CLAIMS A2 

1. A method for providing security for a data processing network 
having (i) a plurality of management servers connected by transfer... 

..existence of a trusted relation with the sending management server. 

2. A method for providing security for a data processing network 
having at least an originating management server for providing a... 

, .step of authenticating by the host the final management server. 

5. A method for providing security for a data processing network 
having at least an originating management server for providing a... 

..existence of a trust relation with the originating management server. 

6. A method for providing security for a data processing network 
according to claim 5, including retrieving by a sending intermediate 

..step of authenticating by the host the final management server. 
10. A method for providing security for performing a composite 

operation involving a plurality of hosts on a data processing network 
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...SPECIFICATION messages transmitted over networks. The following 

background material, under the subheadings "Computer Network Background" 
and "Cryptography Background, " introduces various computer network and 
cryptography concepts and definitions. Those familiar with computer 
networks and cryptography may wish to skip these two sections. 

Computer Network Background: 

A computer network is simply. . . 

...or frames, such as checksums for error detection, and packet numbers. 

Although the data link layer is primarily independent of the nature 
of the physical transmission medium, certain aspects of the data link 
layer ... routers exchange information about the identities of the networks 
to which they are connected. 

When cryptography is used to protect data transmitted over a computer 
network, some network devices, such as... 

...the message to an adjacent LAN. As will also become apparent as this 
description proceeds, cryptography as applied to networks poses some 
problems that do not arise in a more conventional application of 
cryptography in point-to-point communication. When a message passes down 
through the various protocol layers... 

...a message frame to its intended destination and to recreate the message 
at the destination. Encryption must usually be applied only to the 
message content and not to the various message... 

.. .network protocols may be employed at any of the protocol levels. 
Therefore, a hardware-implemented cryptographic system for networks 
must be capable of handling message frames originating from these 
different protocols... 

...frames may get segmented into smaller frames as it passes through 
several intermediate network links. 

Cryptography Background: 

The principal goal of encryption is to render communicated data 
secure from unauthorized eavesdropping. This is generally referred to as 
the "secrecy" or "confidentiality" requirement of cryptographic 
systems. A related requirement is the "authenticity" or "integrity" 
requirement, which ensures that the communicated. . . 

...Plaintext" is used to refer to a message before encrypting and after 
decrypting by a cryptographic system. "Ciphertext" is the form that the 
encrypted part of the message takes during transmission over a 
communications channel. "Encryption 11 or "encipherment" is the process 
of transformation .from plaintext to ciphertext. "Decryption " or 
"decipherment" is the process of transformation from ciphertext to 
plaintext. Both encryption and decryption are controlled by a "cipher 
key," or keys. Without knowledge of the encryption key, a message 
cannot be encrypted, even with knowledge of the encrypting process. 
Similarly, without knowledge of the decryption key, the message cannot 
be decrypted, even with knowledge of the decrypting process. 

More specifically, a cryptographic system can be thought of as having 
an enciphering transformation Ek) ) , which is defined by... 

...Ek)) encrypts a plaintext message M into an encrypted message, or 
ciphertext C. Similarly, the decryption is performed by a 



non-SNAP/SAP destination. This case. 



...statistics. Such flexibility for selective disclosure of the protocol 
can be of great importance in security and network management. 

It will be understood that the foregoing description includes, by way 
of . . . 

...invention may be readily adapted for use in an Ethernet network 

architecture. Further, although the cryptography processing described 
above is best implemented in an l! on-board" processor that is integrated 
physically with other conventional network processing components, the 
principles of the invention still apply when the cryptographic 
processing is performed by an "off-board" processor or device added to a 
conventional network processor or node that did not previously have 
cryptogr aphic capab i 1 i t y . 

It will be appreciated that the present invention represents a 
significant improvement in the... 

...CLAIMS in claim 1, wherein: 

one of the first, second and third processing modules is a 
cryptographic processor for performing in-line encryption and 
decryption of information packets transmitted onto and received from 
a communication network. 
4 . A method for. . . 

. . .defined in claim 4, wherein: 

one of the first and second processing modules is a cryptographic 
processor for performing in-line encryption and decryption of 
information packets transmitted onto and received from a 
communication network. 
...CLAIMS dans lequel : 

l'un des premier, second et troisieme modules de traitement est en 
processeur cryptographique pour assurer le chiffrement et le 
dechif f rement direct de paquets d 1 informations transmis sur un. . . 

...4, dans lequel: 

l'un des premier et second modules de traitement est un processeur 
cryptographique pour le chiffrement et le dechif f rement direct de 
paquets d 1 informations transmis sur un reseau. . . 
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Cryptography processor and method with optional status encoding. 
Processeur cryptographique et procede avec codage d'etat facultatif . 

. . .ABSTRACT A2 

Cryptographic apparatus, and a related method for its operation, for 
in-line encryption and decryption of data packets transmitted in a 
communication network. A full-duplex cryptographic processor is 
positioned between two in-line processing entities of a network 
architecture. For example... 

...decide whether or not they contain encrypted data and, if they do, are 
subject to decryption before forwarding. Outbound information packets 
have their data portions encrypted if called for, and are usually 
forwarded toward the network communication medium. Cryptographic 
processing in both directions is performed in real time as each packet i 
streamed through. . . 

...processed information back in a reverse direction, to permit the host 
system to perform local encryption or decryption for various 
purposes, (see image in original document) 

...SPECIFICATION messages transmitted over networks. The following 

background material, under the subheadings "Computer Network Background" 
and "Cryptography Background, " introduces various computer network and 
cryptography concepts and definitions. Those familiar with computer 
networks and cryptography may wish to skip these two sections. 
Computer Network Background: 

A computer network is simply. . . 

...or frames, such as checksums for error detection, and packet numbers. 

Although the data link layer is primarily independent of the nature 
of the physical transmission medium, certain aspects of the data link 
layer ... routers exchange information about the identities of the network 
to which they are connected. 

When cryptography is used to protect data transmitted over a computer 
network, some network devices, such as... 

...the message to an adjacent LAN. As will also become apparent as this 
description proceeds, cryptography as applied to networks poses some 
problems that do not arise in a more conventional application of 
cryptography in point-to-point communication. When a message passes down 
through the various protocol layers... 

...a message frame to its intended destination and to recreate the message 



16. A method of operation of cryptographic apparatus in a communication 
network having multiple node processors connected to communication 
medium, the method. . . 

...from the content of the packet received from the second interface 

whether or not to cryptographically process data within the packet; 

cryptographically processing data in the transmittable packet 
if necessary; and 

forwarding the processed packet. 

18. A... 
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Generic encryption technique for communication networks 

. . .ABSTRACT A2 

A method and related cryptographic processing apparatus for handling 
information packets that are to be cryptographically processed prior to 
transmission onto a communication network, or that are to be locally 
cryptographically processed and looped back to a node processor. A 
special cryptographic preamble is included in each information packet 



that is to be subject to cryptographic processing. The cryptographic 

preamble contains an offset value pointing to the starting location of 
information that is to be processed, and completely defines the type of 
cryptographic processing to be performed. The cryptographic processor 
can then perform the processing as specified in the preamble without 
regard to a . . . 

..is to be transmitted onto the network, the preamble is stripped from th 
packet after cryptographic processing, so that the formats of packets 
transmitted onto the network will be unaffected by the preamble. 

Cryptographic processing modes include encryption of data for outbound 
transmission, encryption of a cipher key for loopback to the node 
processor, encryption or decryption of data for loopback to the node 
processor, and computation of an integrity check value... 

..SPECIFICATION messages transmitted over networks. The following 
background material, under the subheadings "Computer Network Background" 
and "Cryptography Background, " introduces various computer network and 

cryptography concepts and definitions. Those familiar with computer 
networks and cryptography may wish to skip these two sections. 
Computer Network Background: 

A computer network is simply. . . 

..or frames, such as checksums for error detection, and packet numbers. 

Although the data link layer is primarily independent of the nature 
of the physical transmission medium, certain aspects of the data link 
layer. .. routers exchange information about the identities of the network 
to which they are connected. 

When cryptography is used to protect data transmitted over a computer 
network, some network devices, such as... 

..the message to an adjacent LAN. As will also become apparent as this 
description proceeds, cryptography as applied to networks poses some 
problems that do not arise in a more conventional application of 

cryptography in point-to-point communication. When a message passes down 
through the various protocol layers... 

..a message frame to its intended destination and to recreate the message 
at the destination. Encryption must usually be applied only to the 
message content and not to the various message... 

..network protocols may be employed at any of the protocol levels. 
Therefore, a hardware-implemented cryptographic system for networks 
must be capable of handling message frames originating from these 
different protocols... 

..frames may get segmented into smaller frames as it passes through 
several intermediate network links . 
Cryptography Background: 

The principal goal of encryption is to render communicated data 
secure from unauthorized eavesdropping. This is generally referred to as 
the "secrecy" or "confidentiality" requirement of cryptographic 
systems. A related requirement is the "authenticity" or "integrity" 
requirement, which ensures that the communicated. . . 

..Plaintext" is used to refer to a message before encrypting and after 
decrypting by a cryptographic system. "Ciphertext" is the form that the 
encrypted part of the message takes during transmission over a 
communications channel. "Encryption " or "encipherment" is the process 
of transformation from plaintext to ciphertext. "Decryption " or 
"decipherment" is the process of transformation from ciphertext to 
plaintext. Both encryption and decryption are controlled by a "cipher 
key," or keys. Without knowledge of the encryption key, a message 
cannot be encrypted, even with knowledge of the encrypting process. 
Similarly, without knowledge of the decryption key, the message cannot 
be decrypted, even with knowledge of the decrypting process. 

More specifically, a cryptographic system can be thought of as having 
an enciphering transformation E( sub(k)), which is... 



cryptographic preamble that is attached to the message packet when 

encryption is desired. The cryptographic preamble contains encryption 
key information and an offset (i.e. a pointer) indicating the starting 
point in the packet at which encryption is to begin. Thus the 

cryptographic processor can skip intervening header information, 
regardless of its format and protocol, and begin encryption at the 
location indicated by the cryptographic header. The header does not 
affect packet formats transmitted on a network, because it (the 

cryptographic header) is stripped off the packet prior to transmission. 
Basically, this feature of the invention... 

...of falsely encrypted packets onto the network. It also greatly 

simplifies the implementation of the cryptographic processor, since 
each packet does not have to be completely parsed or analyzed to find the 
location of the data to be encrypted. 

The cryptographic preamble in a presently preferred embodiment of the 
invention is in the following format: (see... 

...a 12-bit offset that indicates the number of bytes to skip before 
starting the cryptographic operation. The flag bits include a device 
specific bit that will be zero in most cases, and a three-bit mode field 
that indicates the type of encryption operation being performed. The 
mode may be: 



0: Outbound encryption (not a loopback) ; 

1: Loopback KEY encryption ; 

2 : Loopback encryption ; 

3 : Loopback decryption ; 

4: Loopback ICV only. 



The SE-CTRL field defines the type of cryptographic process, and has 
fields to indicate confidentiality encryption / integrity encryption , 
the type of cryptographic algorithm (DES or other), the specific 
cryptographic algorithm mode used (such as ECB, CFB or CBC) , and the 
size of the cyclic. . . 

...CRC) to be used. The transmit key is an 8-byte field that defines the 

cryptographic key used for encryption . 

The cryptographic preamble contains all the information needed to 
locate the data that is to be encrypted and to determine the type of 

encryption that is required, regardless of the packet format that is 
used by various protocols. Use of the cryptographic preamble prevents 
the transmission of falsely encrypted packets onto the network. In 
addition, the presence of the preamble simplifies the hardware needed for 
encryption , since the entire packet does not need to be parsed. 
Use of programmable registers to facilitate decryption : 

In the cryptographic processing of received packets, the basic 
information needed includes the location of the decrypted data within the 
packet, and control for the decryption to be performed, such as the 

decryption key and the mode of encryption . The cryptographic 
preamble discussed above is not available at the receiving end of a 
transmission, since it... 

...transmission onto the network. 

This situation is complicated by the fact 
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A method for selective disclosure of the identity of a communication 
protocol under which an information packet originated, but without 
incorrectly identifying the protocol in a header accompanying the packet. 
If there is a need to conceal the identity of the underlying source 
protocol, a special anonymous protocol identifier is used, instead of the 
real protocol identifier, in the header of an encrypted information 
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ABSTRACT EP 464562 A2 

A technique to facilitate decryption processing of information 
packets transmitted over a communication network after encryption in 
accordance with a specific network protocol, the details of which may be 
subject to later change as standards are developed or modified. 
Programmable registers are used in the decryption process to hold 
information for identifying an incoming information packet as being 
subject to the specific protocol and requiring decryption / and 
identifying a starting location of a data field to be decrypted. 
Specifically one programmable register contains a first offset locating 
an identifier field in the packet, in which a cryptographic identifier 
will be found if the packet is one conforming to the protocol; another 
programmable register contains a cryptographic identifier value that 
will be found in the identifier field if decryption is to be performed, 
and a third programmable register contains a second offset to locate the 
beginning of a data field to be decrypted, (see image in original 
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A key telephone system includes a plurality of ports being linked by 
port associated bidirectional communication channels which are 
synchronously switched by transferring bit states between ones of the 
channels to provide communication paths between the ports as directed by 
a central processor (7). The ports are also linkable to and via the 
central processor (7) by port associated message channels. An interface 
circuit (8) is responsive to the central processor and message channel 
signals for regulating flow of messages received by the central processor 
and for effecting single and plural channel distribution of messages from 
the central processor (7) . The message channels permit telephony 
operating features and functions to be provided either within the central 



processor or by appropriate apparatus means being connected at any of the 
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ABSTRACT EP 224229 A2 

Improved alternate routing in a packet switching system is provided by 
inserting alternate routing control information (FIG. 11) into each 
packet and by storing alternate routing information at each network node 
(A, B, C) . The stored information at each node (A, B, C) includes a list 
of the available paths (107, 108, 109) extending from the node towards 
all other nodes together with a list of available algorithms that can be 
used to select one of the available routes. The alternate routing control 
information (ARF) in each packet contains postage information specifying 
the maximum number of nodes through which the packet is to travel. The 
alternate routing control information (ARF) also includes a destination 
map index code identifying the destination node. The destination map 
index is used as address information by each node receiving a packet to 
read out the stored information at the node identifying the available 
paths and the algorithm to be used in selecting one of these paths for 
use in transmitting the packet towards the destination node. The 
identified algorithm is then executed to select the path to be used. 
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This invention is a process for interconnecting an all points 
addressable printer (181) with a host application program (10) wherein 
the application presents output to be printed to the printer and wherein 
the host application can be present on a variety of different computing 
equipment such as a large host computer, a standalone workstation, or 
workstation on a local area network and wherein the all points 
addressable page printer can utilize any type of printing technology such 
as electrophotographic, magnetic or other and wherein the printer and the 
application host are interconnected by communicating means (17) such as a 
channel, local area network, or telecommunication line and wherein any 
type of transmission protocol can be used and wherein the process enables 
the transmission of commands and data from the host application to the 
printer in a manner which is independent of the communication means and 
transmission protocol. And, finally, wherein the process enables the 
transmission of a variety of types of data including text, graphics, 
image, or bar code which may be merged together on a single printed page. 
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ABSTRACT EP 615361 Al 

A general purpose, high-speed encryption system (50) and method, based 
on a linear feedback shift register (LFSR) (70) that provides inputs to 
one or more mathematically independent nonlinear output functions 
(80A-80N), resulting in the generation of multiple keystream outputs per 
clock cycle. Due to the parallel architecture, the system need only 
operate at a rate of 1/N, where N is the number of output functions. For 
example, the system can encrypt an 8-bit byte in one-eighth the time 
required for a conventional bit-oriented stream cipher. Alternatively, 
with high-speed serial-to-parallel and parallel-to-serial interface 
converters, the system can encrypt a serial data stream at a rate N times 
that of the system itself, (see image in original document) 
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ABSTRACT EP 602335 A2 

A method for establishing a secure communications link between first 
(103, 380) and second (109, 390) terminals includes a step of exchanging 
(210) a first message. The first message contains information describing 
encryption devices and communications modes available within the 
terminals and user authentication information. The method also includes a 
step of selecting (219, 221, 222, 224), in at least one terminal (103, 
109), a common key generation and ciphering algorithm. The method further 
includes steps of exchanging (230) a second message for providing data to 
form traffic keys, exchanging (250) a third message for synchronizing 
secure communications and initiating (270) secure communication, (see 
image in original document) 
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ABSTRACT EP 715283 Al 

A security enclosure is formed from layers of flexible material. One 
layer (11; 18) carries a flexible semiconductive line (10,13) arranged to 
extend over the whole area of the enclosure. Any interruption of the 
line by unauthorised opening of the enclosure changes the resistance of 
the line and so can be detected by a monitoring circuit. Further, two 
layers (17) of semiconductive fibres also cover the whole area of the 
enclosure and are separated by an insulating layer (16) . The length of 
the fibres is greater than the thickness of the insulating layer (16) so 
that if the enclosure is pierced fibres from one layer (17) will be 
forced into contact with fibres from the other layer (17) . This will 
change the combined resistance of the layers and this can also be 
detected by a monitoring circuit. The two measures can be used 
separately. (see image in original document) 
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The specification discloses with reference to Figure 1, a security 
thread (11) for use in security articles (10), said thread (11) 
comprising a substrate having a coating on one or both sides of the 
substrate, said coating containing a thermochromic material selected from 
pigments and dyestuffs which material changes from coloured to colourless 
when the temperature of said pigment or dyestuff is changed to the 
activation temperature. The thermochromic material may be coloured when 
the temperature is below the activation temperature and becomes 
colourless when the material is at the activation temperature or above. 
The thread (11) is for security paper (10) for use in producing banknotes 
and the like. 
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ABSTRACT EP 540139 A2 

A security enclosure comprises a flexible sheet (60) of insulating 
material extending over the whole of the area of the enclosure and 
carrying lines (62, 64) of electrically-responsive material on each side. 
The lines on one side of the sheet (60) extend obliquely relative to the 
lines on the other side of the sheet and are connected thereto at edge 
portions of the sheet to form a plurality of conductors so dividing the 
sheet into a number of relatively small areas so that attempted opening 
of the enclosure changes an electrical characteristic of the conductors. 
Connectors (70) are provided at an edge portion of the sheet (60) for 
individually connecting the conductors to a detector (88) for detecting 
the changes in the electrical characteristic of the lines (62, 64) . The 
connectors (70) include a switch arrangement which is selectively 
configured to connect further connectors (72) associated with the 
detector (88) with selected conductors. One edge portion of the sheet 
includes a plurality of line switches (66a - d) which are selectively 
configured to connect each one of the lines (62a - d) on one side of the 
sheet with a selected one of a plurality of lines (64a - d) on the other 
side of the sheet, (see image in original document) 
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ABSTRACT EP 400902 A2 

This invention is concerned with security paper (3) for bank notes, 
cheques and like documents in a security strip of enhanced security which 
is more difficult to counterfeit than the present bank notes containing 
window threads. Security papers according to the invention comprise at 
least one elongated security element (4) which security element is 
partially embedded within said paper with portions thereof being exposed 
at the surface of the paper at spaced intervals along the length of the 
security element at windows in the paper, said security element being 
visually detectable in transmitted light and being visible in the windows 
of the paper in reflected light, wherein the said security element 
comprises a plurality of layers including a support layer (11) and 
metallic regions (12) such that when the exposed portions of the security 
element are viewed in reflected light there is visible to the unaided eye 
in each window at least two metallic areas (1, 2) which form repeating 
patterns along the length of the element, with the said metallic areas 
being of different colour. 
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ABSTRACT EP 347209 A2 

A security enclosure is formed from layers of flexible material. One 
layer (11;18) carries a flexible semi conductive line (10,13) arranged to 
extend over the whole area of the enclosure. Any interruption of the line 
by unauthorised opening of the enclosure changes the resistance of the 
line and so can be detected by a monitoring circuit. Further, two layers 
(17) of semi conductive fibres also cover the whole area of the enclosure 
and are separated by an insulating layer (16) . The length of the fibres 
is greater than the thickness of the insulating layer (16) so that if the 
. enclosure is pierced fibres from one layer (17) will be forced into 
contact with fibres from the other layer (17) . This will change the 
combined resistance of the layers and this can also be detected by a 
monitoring circuit. The two measures can be used separately. 
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feeding in from the outside a command which disables the damaging means 
(10), the security shield comprising one or more electrical systems which 
at least together extend over essentially the entire surface of the 
shield and which cooperate with a processing circuit (14) which detects 
an electrical parameter of each system, and which is capable of 
delivering an activation command to the damaging means (10) when a 
detected parameter value deviates from a reference value. 
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A dye-receiving element and process for producing a high-security, 
monolithic identification card, the element comprising a support having 
thereon a dye image-receiving layer adapted to receive a 

thermally-transferred dye image, the dye image-receiving layer containing 
indicia printed thereon having a linewidth of approximately 40-120 (mu)m. 

ABSTRACT WORD COUNT: 49 



LEGAL STATUS (Type, Pub Date, Kind, Text) : 
Application: 880706 A2 Published application (Alwith Search Report 

;A2without Search Report) 
Search Report: 890329 A3 Separate publication of the European or 

International search report 
Examination: 890705 A2 Date of filing of request for examination: 

890428 

^Assignee: 890830 A2 Applicant (transfer of rights) (change) : 

EASTMAN KODAK COMPANY (a New Jersey 
corporation) (201210) 343 State Street 
Rochester New York 14650 (US) (applicant 
designated states: BE; CH; DE; FR; GB; LI ;NL) 
Examination: 900103 A2 Date of despatch of first examination report: 

891120 

Change: 900207 A2 Representative (change) 

Grant: 901122 Bl Granted patent 

Oppn: 911009 Bl Opposition 01/910816 Thomas De La Rue & Company 

Ltd.; 3/5 Burlington Gardens; London W1A 1DL; 
(GB) 

(Representative: ) Skone James, Robert Edmund; 
GILL JENNINGS & EVERY 53-64 Chancery Lane; 
London WC2A 1HN; (GB) 
Oppn: 911016 Bl Opposition 01/910816 Thomas De La Rue & Company 

Ltd.; 3/5 Burlington Gardens; London W1A 1DL; 

(GB) 

(Representative: ) Skone James, Robert Edmund; 
GILL JENNINGS & EVERY 53-64 Chancery Lane; 
London WC2A 1HN; (GB) 

02/910821 GAO Gesellschaft fur Automation und 
Organisation mbH; Euckenstrasse 12; W-8000 
Munchen 70; (DE) 



*Oppn: 920819 Bl Opposition (change) 01/910816 Thomas De La Rue 

& Company Ltd.; 3/5. Burlington Gardens; London 
W1A 1DL; (GB) 

(Representative: ) Skone James, Robert Edmund; 
GILL JENNINGS & EVERY 53-64 Chancery Lane; 
London WC2A 1HN; (GB) 

02/910821 GAO Gesellschaft fur Automation und 
Organisation mbH; Euckenstrasse 12; W-8000 
Munchen 70; (DE) 

(Representative: )Klunker, Hans-Friedrich, Dr.; 

Patentanwalte Klunker . Schmitt-Nilson . Hirsch 

Winzererstrasse 106; W-8000 Munchen 40; (DE) 
Revocation: 950816 Bl Revocation of the European patent: 950331 

Lapse: 951206 Bl Date of lapse of the European patent in a 

Contracting State: CH 901122, LI 901122 
Lapse: 951206 Bl Date of lapse of the European patent in a 

Contracting State: CH 901122, LI 901122 
LANGUAGE ( Publication, Procedural, Application) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 

CLAIMS B (English) EPABF1 322 

SPEC B (English) EPABF1 2871 
Total word count - document A 0 
Total word count - document B 3193 
Total word count - documents A + B 3193 



12/5/12 

DIALOG (R) File 348: European Patents 

(c) 1998 European Patent Office. All rts . reserv. 

00224466 

ORDER fax of complete patent from Dialog SourceOne. See HELP ORDER 348 
Communications network. 
Kommunikationsnetz . 
Reseau de communication. 

PATENT ASSIGNEE: 

THORN EMI Electronics Limited, (716110), Blyth Road, Hayes Middlesex UB3 
1DL, (GB) , (applicant designated states: DE; FR; GB) 
INVENTOR: 

Marzolini, Remo Giovanni Andrea, 16, Hibernia Gardens, Hounslow 
Middlesex, TW3 3SD, (GB) 
LEGAL REPRESENTATIVE: 

Hurst, Richard Arthur Alexander et al (32172), THORN EMI Patents Limited, 
Central Research Laboratories, Dawley Road, Hayes, Middlesex UB3 1HH, 
(GB) 

PATENT (CC, No, Kind, Date) : EP 228830 A2 870715 (Basic) 

EP 228830 A3 890215 
EP 228830 Bl 921028 
APPLICATION (CC, No, Date) : EP 86309490 861205; 
PRIORITY (CC, No, Date) : GB 8531209 851218 
DESIGNATED STATES: DE; FR; GB 
INTERNATIONAL PATENT CLASS: H04L-009/00; 
CITED PATENTS (EP A) : EP 69831 A 
CITED REFERENCES (EP A) : 

ELECTRONICS INTERNATIONAL, vol. 53, no. 25, November 1980, pages 76,77, 

New York, US; J. GOSCH: "Portable case holds cryptographic unit" 
TELECOM REPORT, vol. 1, no. 3, June 1978, pages 160-163, Munich, DE; F. 
STR SSER: "Fernschreiber 1000 CA, eine Investition f}r die Sicherheit"; 

ABSTRACT EP 228830 A2 

Transmitter station 1 has a data source, a crypto unit 4, a buffer 
store 5 for encrypted signals and a transmitter 6 with an aerial 7, all 
with a common power supply 8. A switching control unit 9 has a position 
in which it connects data source 3 and crypto unit 4 to the power supply 
8 but isolates transmitter 6 therefrom, and another switch position in 
which transmitter 6 is connected to the power supply 8 while data source 



3 and crypto unit 4 are isolated therefrom. In this way, if any signals 
output from data source 3 pass directly (i.e. not via crypto unit 4) to 
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